Tips and how to create a blog
Secuobs.com : 2013-10-11 01:49:08 - security
Easy tricks and steps for creating a blog, for those of you who blog as a hobby and for beginners who want to be part of the blogging world but do not yet understand how to create a blog properly. Here I will share a recipe for creating a blog on the blogspot platform. Why blogspot? Because many experts recommend using blogspot to create a blog. Creating a blog on blogspot has many advantages; one of them is that we can modify the appearance as we like, and it is also possible to earn money from blogspot. So let's get straight to the steps for creating a blog with blogspot: 1. Use a Gmail email address. 2. Go to blogspot.com. 3. Choose to create a new blog. 4. Then follow the next steps, and it is done. That concludes this short tutorial on how to create a blog using blogspot.
http://www.secuobs.com/revue/news/473962.shtml

Cipto Junaedy's Strategy
Secuobs.com : 2013-05-14 04:35:19 - security
Cipto Junaedy. This name is no longer unfamiliar. The "No Money, No Debt" (Tanpa Uang Tanpa Utang) strategy he teaches is known as original and groundbreaking. His strategy is able to defeat the debt-based strategies of Kiyosaki and Dolf De Ross. Almost every week his name appears in various national and regional mass media. The seminars he gives have also become the largest and most popular, and are known for being held exclusively without any sponsor, because the material he presents is about strategy and is meant to be free of vested interests. In a relatively short time since starting his seminars, Cipto Junaedy has spoken in front of more than 500000 people. He is listened to by all levels of society, from the rich and influential, such as big businesspeople, corporate directors, central and regional government officials, political party figures, members of the DPR, famous artists, television presenters, journalists, military and police personnel, lawyers, religious leaders, traditional leaders, doctors, NGO activists and cultural figures, to ordinary people such as housewives, students, teachers, pensioners, small traders and disaster relief volunteers. On average, every 42 days Cipto Junaedy gives away 1 free house, or money equal to the value of a house, to those in need. As a mentor, he has also proven his own teaching by buying property with no money and no debt. He has snapped up various strategic properties in a number of major cities in Indonesia and abroad. Most recently, in May 2011, he managed to snap up 90 units of a prestigious apartment in Jakarta from a leading developer in just 15 days. http chordsmantapblogspotcom 2013 05 cipto-junaedyhtml
http://www.secuobs.com/revue/news/445194.shtml

Tips for becoming a smart consumer who understands consumer protection
Secuobs.com : 2013-04-08 13:00:32 - security
1. Uphold your rights and obligations as a consumer. Consumers are taught to be critical and to dare to fight for their rights when the goods or services they buy do not meet the required standards or do not match what was agreed, but a smart consumer who understands consumer protection must also understand their obligations as set out in the UUPK.
2. Examine before buying. A smart consumer who understands consumer protection is taught to always make a habit of carefully examining the goods and/or services offered on the market. At a minimum, visual inspection can be used to find out the actual condition of the goods and/or services, and if anything is unclear, the consumer can ask questions or request information about them. From this, a general picture of the goods and/or services offered on the market can be obtained.
3. Pay attention to the label, MKG, and expiry date. Consumers must be more critical in finding out the condition of goods and/or services, especially food, beverages, medicines and cosmetics that are packaged and labelled. The label states, among other things, the composition, benefits, directions for use, and validity period. Telematics and electronics products must come with a user manual and an after-sales warranty card in Indonesian. Pay attention to the expiry date so as to be careful with goods that enter the body or are used on the outside of the body, because such goods are closely related to the health, security and safety (K3L) of consumers.
4. Make sure the product meets K3L quality standards. Consumers are encouraged to become familiar with SNI-marked products and to pay attention to products for which SNI is already mandatory. SNI-marked products give greater assurance of the health, security and safety of consumers, and even of their environment (K3L). Currently there are products with SNI applied on a voluntary basis and 89 product types for which SNI is mandatory. Other standards applied around the world include Japanese Industrial Standards (JIS), British Standards (BS), American Society for Testing and Materials (ASTM), Codex Standard, Conformité Européenne (CE), and others.
5. Buy according to need, not desire. Consumers are encouraged to adopt a non-consumptive culture, meaning that it is not goods and/or services that control or influence the consumer; it is you, as a smart consumer who understands consumer protection, who controls the desire to buy goods and/or services.
http://www.secuobs.com/revue/news/438122.shtml

Obat Wasir dan Ambeien Manjur di Obatwasirbiz
Secuobs.com : 2012-12-14 19:52:16 - security
"Obat Wasir dan Ambeien Manjur di Obatwasirbiz" (effective hemorrhoid and piles medicine at Obatwasirbiz) is a keyword being contested on the Google SEO track, in a contest that will end in a few hours. My friend pembolang is taking part in this SEO contest. The SEO contest is held by obatwaasirbiz, which offers herbal medicine for hemorrhoids and other ailments. Hopefully pembolang can hold on to his position on page one in the "Obat Wasir dan Ambeien Manjur di Obatwasirbiz" SEO contest.
http://www.secuobs.com/revue/news/417135.shtml

Short Cut Windows 8 Metro Style
Secuobs.com : 2012-12-09 04:20:03 - security
These are some shortcuts from Windows 8; check them out.
Windows key: Switch between Modern Desktop Start screen and the last accessed application
Windows key C: Access the charms bar
Windows key Tab: Access the Modern Desktop Taskbar
Windows key I: Access the Settings charm
Windows key H: Access the Share charm
Windows key K: Access the Devices charm
Windows key Q: Access the Apps Search screen
Windows key F: Access the Files Search screen
Windows key W: Access the Settings Search screen
Windows key P: Access the Second Screen bar
Windows key Z: Brings up the App Bar when you have a Modern Desktop App running
Windows key X: Access the Windows Tools Menu
Windows key O: Lock screen orientation
Windows key: Move the screen split to the right
Windows key Shift: Move the screen split to the left
Windows key V: View all active Toasts Notifications
Windows key Shift V: View all active Toasts Notifications in reverse order
Windows key PrtScn: Takes a screenshot of the screen and automatically saves it in the Pictures folder as Screenshot
Windows key Enter: Launch Narrator
Windows key E: Open Computer
Windows key R: Open the Run dialog box
Windows key U: Open Ease of Access Center
Windows key Ctrl F: Open Find Computers dialog box
Windows key Pause Break: Open the System page
Windows key 110: Launch a program pinned on the Taskbar in the position indicated by the number
Windows key Shift 110: Launch a new instance of a program pinned on the Taskbar in the position indicated by the number
Windows key Ctrl 110: Access the last active instance of a program pinned on the Taskbar in the position indicated by the number
Windows key Alt 110: Access the Jump List of a program pinned on the Taskbar in the position indicated by the number
Windows key B: Select the first item in the Notification Area and then use the arrow keys to cycle through the items; press Enter to open the selected item
Windows key Ctrl B: Access the program that is displaying a message in the Notification Area
Windows key T: Cycle through the items on the Taskbar
Windows key M: Minimize all windows
Windows key Shift M: Restore all minimized windows
Windows key D: Show/Hide Desktop (minimize/restore all windows)
Windows key L: Lock computer
Windows key Up Arrow: Maximize current window
Windows key Down Arrow: Minimize/restore current window
Windows key Home: Minimize all but the current window
Windows key Left Arrow: Tile window on the left side of the screen
Windows key Right Arrow: Tile window on the right side of the screen
Windows key Shift Up Arrow: Extend current window from the top to the bottom of the screen
Windows key Shift Left/Right Arrow: Move the current window from one monitor to the next
Windows key F1: Launch Windows Help and Support
PageUp: Scroll forward on the Modern Desktop Start screen
PageDown: Scroll backward on the Modern Desktop Start screen
Esc: Close a charm
Ctrl Esc: Switch between Modern Desktop Start screen and the last accessed application
Ctrl Mouse scroll wheel: Activate the Semantic Zoom on the Modern Desktop screen
Alt: Display a hidden Menu Bar
Alt D: Select the Address Bar
Alt P: Display the Preview Pane in Windows Explorer
Alt Tab: Cycle forward through open windows
Alt Shift Tab: Cycle backward through open windows
Alt F: Close the current window; open the Shut Down Windows dialog box from the Desktop
Alt Spacebar: Access the Shortcut menu for current window
Alt Esc: Cycle between open programs in the order that they were opened
Alt Enter: Open the Properties dialog box of the selected item
Alt PrtScn: Take a screen shot of the active Window and place it in the clipboard
Alt Up Arrow: Move up one folder level in Windows Explorer (like the Up Arrow in XP)
Alt Left Arrow: Display the previous folder
Alt Right Arrow: Display the next folder
Shift Insert CD DVD: Load CD DVD without triggering Autoplay or Autorun
Shift Delete: Permanently delete the item rather than sending it to the Recycle Bin
Shift F6: Cycle backward through elements in a window or dialog box
Shift F10: Access the context menu for the selected item
Shift Tab: Cycle backward through elements in a window or dialog box
Shift Click: Select a consecutive group of items
Shift Click on a Taskbar button: Launch a new instance of a program
Shift Right-click on a Taskbar button: Access the context menu for the selected item
Ctrl A: Select all items
Ctrl C: Copy the selected item
Ctrl X: Cut the selected item
Ctrl V: Paste the selected item
Ctrl D: Delete selected item
Ctrl Z: Undo an action
Ctrl Y: Redo an action
Ctrl N: Open a new window in Windows Explorer
Ctrl W: Close current window in Windows Explorer
Ctrl E: Select the Search box in the upper right corner of a window
Ctrl Shift N: Create new folder
Ctrl Shift Esc: Open the Windows Task Manager
Ctrl Alt Tab: Use arrow keys to cycle through open windows
Ctrl Alt Delete: Access the Windows Security screen
Ctrl Click: Select multiple individual items
Ctrl Click and drag an item: Copies that item in the same folder
Ctrl Shift Click and drag an item: Creates a shortcut for that item in the same folder
Ctrl Tab: Move forward through tabs
Ctrl Shift Tab: Move backward through tabs
Ctrl Shift Click on a Taskbar button: Launch a new instance of a program as an Administrator
Ctrl Click on a grouped Taskbar button: Cycle through the instances of a program in the group
F1: Display Help
F2: Rename a file
F3: Open Search
F4: Display the Address Bar list
F5: Refresh display
F6: Cycle forward through elements in a window or dialog box
F7: Display command history in a Command Prompt
F10: Display hidden Menu Bar
F11: Toggle full screen display
Tab: Cycle forward through elements in a window or dialog box
PrtScn: Take a screen shot of the entire screen and place it in the clipboard
Home: Move to the top of the active window
End: Move to the bottom of the active window
Delete: Delete the selected item
Backspace: Display the previous folder in Windows Explorer; move up one folder level in Open or Save dialog box
Esc: Close a dialog box
Num Lock Enabled Plus: Display the contents of the selected folder
Num Lock Enabled Minus -: Collapse the selected folder
Num Lock Enabled Asterisk: Expand all subfolders under the selected folder
Press Shift 5 times: Turn StickyKeys on or off
Hold down right Shift for 8 seconds: Turn FilterKeys on or off
Hold down Num Lock for 5 seconds: Turn ToggleKeys on or off
http://www.secuobs.com/revue/news/415901.shtml

SecuObs.com
http://www.secuobs.com
Observatoire de la securite Internetfrwebmaster@secuobs.comSecurity Kahuna Podcast, 3-3-152015-03-03 13:44:57 - Security Bloggers Network : Newly disclosed data breaches A constant stream of fresh security vulnerabilities Dangerous network configurations Bad passwords Old lessons unheeded Bill Brenner, Dave Lewis and Martin McKeay discuss the latest incidents in the never-ending fight against evilListen to the full episode http://www.secuobs.com/revue/news/561909.shtmlhttp://www.secuobs.com/revue/news/561909.shtmlHillary Clinton used personal email for government business, putting security at risk2015-03-03 13:13:20 - Security Bloggers Network : Hillary Clinton might be in hot water after it is revealed that she never had an official email account, but was instead using a personal one That's potentially a breach of federal law, but it's definitely a security risk Read more in my article on http://www.secuobs.com/revue/news/561899.shtmlhttp://www.secuobs.com/revue/news/561899.shtml Firewall The king of network security2015-03-03 10:50:07 - Help Net Security : A new FireMon report, based on a survey of over 700 network security practitioners, reveals that firewalls remain highly strategic to organizations' current and future security strategies with an ov http://www.secuobs.com/revue/news/561879.shtmlhttp://www.secuobs.com/revue/news/561879.shtmlStormshield Endpoint Security protège proactivement ses clients du secteur bancaire contre l'APT Carbanak2015-03-03 10:31:10 - Global Security Mag Online : Nouvelle génération de menaces, les APT Advanced Persistent Threat combinent méthodiquement plusieurs vecteurs et outils d'intrusion pour frapper lentement mais sûrement Si elles visaient précédemment à voler les données sensibles des usagers numéros de carte de crédit, mots de passe de compte en ligne, , les attaques ciblent désormais le cœur même des institutions financières pour détourner des fonds Stormshield Arkoon Netasq , acteur de référence sur le marché de la 
cyber-sécurité, revient sur - Produits http://www.secuobs.com/revue/news/561876.shtmlhttp://www.secuobs.com/revue/news/561876.shtml Security threats and the retail industry2015-03-03 08:58:36 - Help Net Security : Only 18 percent of retail IT security professionals are concerned that point of sale devices are being targeted by cyber criminals, and only 20 percent are confident that point of sale devices are s http://www.secuobs.com/revue/news/561860.shtmlhttp://www.secuobs.com/revue/news/561860.shtmlPowerShell Summit 2014 - PowerShell for Security Incident Response - Lee Holmes and Joe Bialek2015-03-03 07:01:19 - SecurityTube.Net : Windows PowerShell is becoming increasingly common in all forms of security administration, operations, and of course security penetration testing and research This talk will demonstrate how attackers leverage PowerShell for post-exploitation tasks once they break in to a system We'll show how to help prevent these attacks by following PowerShell's security best practices for both scripting and operational tasks Buckle your seatbelts For More Information Please Visit - http powershellorg wp community-events summit http://www.secuobs.com/revue/news/561842.shtmlhttp://www.secuobs.com/revue/news/561842.shtmlPowerShell Summit 2014 - Just Enough Admin - Security in a Post-Snowden World2015-03-03 07:01:19 - SecurityTube.Net : When asked what to do about corporate hacking, Ex NSA Director Michael Hayden replied, Man up and defend yourselves Within a few years, Edward Snowden rocked the world by disclosing information he had gathered using his NSA administrative privileges JitJea stands for Just In Time, Just Enough Admin It is a PowerShell toolkit that you can use to man up and defend yourselves by allowing people to perform admin tasks without giving them admin privileges For More Information Please Visit - http powershellorg wp community-events summit 
http://www.secuobs.com/revue/news/561841.shtmlhttp://www.secuobs.com/revue/news/561841.shtmlWhy Security Awareness Alone Won't Stop Hackers2015-03-03 00:59:07 - Computer Security News : End-user training is a noble pursuit but it's no defense against low and slow attacks that take months and years to carry out We're all familiar with the infamous quote Insanity is doing the same thing over and over again and expecting different results http://www.secuobs.com/revue/news/561824.shtmlhttp://www.secuobs.com/revue/news/561824.shtml8 Security Practices to Use in Your Employee Training and Awareness Program2015-03-03 00:00:07 - Security Bloggers Network : This might be hard to believe, but it is true 59pourcents of data breaches are happening not because of some smart hacker who wants to do harm to your company those breaches are happening because of your own employees As http://www.secuobs.com/revue/news/561818.shtmlhttp://www.secuobs.com/revue/news/561818.shtmlPlease vote for Naked Security in the 2015 Security Blogger Awards 2015-03-03 00:00:07 - Security Bloggers Network : Along with the RSA 2015 conference in San Francisco in April come the Security Blogger Awards We're shortlisted, so please vote for us http://www.secuobs.com/revue/news/561816.shtmlhttp://www.secuobs.com/revue/news/561816.shtmlServer Security Upgrades - DT's Blog2015-03-02 23:33:16 - DEF CON Announcements : Housekeeping image After moving all of the DEF CON hardware because the building was scheduled to be demolished go figure , we started a pretty rigorous set of security upgrades HPKP support on the webservers Check DNSSEC support all around Check In an effort to keep you informed about what we're up to, security-wise and to maybe inspire everyone to get up to date, DT has started a blog on the DEF CON forums about the upgrade process Check it out, and feel free to leave a comment http://www.secuobs.com/revue/news/561815.shtmlhttp://www.secuobs.com/revue/news/561815.shtmlBlackphone 2 Caters To the 
Enterprise, the Security-Minded and the Paranoid2015-03-02 22:55:02 - Slashdot Your Rights Online : Mark Wilson writes While much of the news coming out of MWC 2015 has been dominated by Microsoft's Lumia 640, the Samsung Galaxy S6 Edge, and tablets from Sony, there's always room for something a little different Following on from the security-focused Blackphone, Silent Circle used the Barcelona event to announce the follow-up the Blackphone 2 The privacy-centric company has been working on the world's first enterprise privacy platform for some time now and the second generation Blackphone As you would expect, there's a faster processor than before -- an 8-core beast -- as well as an upgraded 3GB RAM, a larger 55 inch screen and a bigger battery than before Blackphone 2 has a 600 price tag and will be unleashed in July IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/561811.shtmlhttp://www.secuobs.com/revue/news/561811.shtmlAppie Portable Android Security Testing Suite2015-03-02 19:21:12 - Darknet The Darkside : http://www.secuobs.com/revue/news/561786.shtmlhttp://www.secuobs.com/revue/news/561786.shtmlGone phishing what s the best way to educate staff on security 2015-03-02 18:47:05 - Security Bloggers Network : http://www.secuobs.com/revue/news/561778.shtmlhttp://www.secuobs.com/revue/news/561778.shtmlUber security breach could leave 50,000 drivers exposed2015-03-02 17:34:52 - Security Bloggers Network : As many as 50,000 Uber drivers could have been affected by a security breach last year, potentially leaving their personal data in the hands of an unauthorized third-party, reports Tech Crunch The post Uber security breach could leave 50,000 drivers e http://www.secuobs.com/revue/news/561765.shtmlhttp://www.secuobs.com/revue/news/561765.shtmlStudy Minority of Retail IT Security Pros Concerned that Cybercriminals Are Targeting PoS Systems2015-03-02 15:41:14 - Security Bloggers 
Network : According to a recent study, only 18 percent of retail IT security professionals are concerned that cybercriminals are targeting point of sale PoS devices installed on their networks, and only 20 percent are confident that those same devices are securely configured Between July and September 2014, Tripwire conducted a study in which it compared the Read More The post Study Minority of Retail IT Security Pros Concerned that Cybercriminals Are Targeting PoS Systems appeared first on The State of Security IMAGE http://www.secuobs.com/revue/news/561742.shtmlhttp://www.secuobs.com/revue/news/561742.shtmlGraham Cluley nominated for security blogger award Vote now 2015-03-02 15:41:14 - Security Bloggers Network : Good luck to everyone - and may the best Dr Who-loving British security blogger based in Oxford win http://www.secuobs.com/revue/news/561740.shtmlhttp://www.secuobs.com/revue/news/561740.shtmlInvincea Appoints Former IBM Security Executive as Vice President of Marketing2015-03-02 15:41:14 - Security Bloggers Network : Invincea Appoints Former IBM Security Executive as Vice President of Marketing FAIRFAX, VA - Mar 2, http://www.secuobs.com/revue/news/561739.shtmlhttp://www.secuobs.com/revue/news/561739.shtmlSecurity Sense The Impact and Paradox of Lenovo Domain DNS Hijacking2015-03-02 15:05:14 - Security Bloggers Network : One of the obvious problems with DNS hijacking is that any website can now be stood up in place of the legitimate one, you simply point the records to a new fraudulent site In Lenovo s case, certificate validation is somewhat of a paradoxical situation because much of the concern with the whole Superfish debacle was that anyone could create a cert that infected machines would trust read more http://www.secuobs.com/revue/news/561738.shtmlhttp://www.secuobs.com/revue/news/561738.shtmlWho owns an investigation into a security breach 2015-03-02 15:02:52 - Office of Inadequate Security : Taylor Armerding writes The last things an 
organization needs when launching an investigation into any kind of security http://www.secuobs.com/revue/news/561736.shtmlhttp://www.secuobs.com/revue/news/561736.shtmlCustomer Data Convenience versus Security2015-03-02 13:55:20 - Security Bloggers Network : Organisations in both the public and private sector are initiating programmes of work to convert previously physical or offline services, into more digital, on line and automated offerings This could include things like automated car tax purchas http://www.secuobs.com/revue/news/561724.shtmlhttp://www.secuobs.com/revue/news/561724.shtmlAcunetix clamps down on costly website security with online solution2015-03-02 12:18:18 - Acunetix Web Application Security Blog : London, March 2, 2015 As cyber security continues to hit the headlines, even smaller companies can expect to be subject to scrutiny and therefore securing their website is more important than ever In response to this, Acunetix are offering the online edition of their vulnerability scanner at a new lower entry price This new Read More The post Acunetix clamps down on costly website security with online solution appeared first on Acunetix http://www.secuobs.com/revue/news/561710.shtmlhttp://www.secuobs.com/revue/news/561710.shtmlArmy opts for openness with new computer security tool2015-03-02 10:04:39 - Computer Security News : Army researchers in a lab outside Washington worked for years on a software tool to help soldiers understand how hackers were targeting military computers Late last year they did something unusual They released their project for anyone on the Internet to poke and prod http://www.secuobs.com/revue/news/561701.shtmlhttp://www.secuobs.com/revue/news/561701.shtmlDeepsec 2014 - Java's SSLSocket How Bad APIs Compromise Security2015-03-02 09:38:36 - SecurityTube.Net : Georg Lukas obtained his PhD degree in 2012 in the context of wireless protocol design At DeepSec 2014 he held a presentation about the implementation of SSL sockets in 
Java Internet security is hard TLS is almost impossible Implementing TLS correctly in Java is Nightmare This talk will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks For More Information Please Visit - https wwwdeepsecnet http://www.secuobs.com/revue/news/561697.shtmlhttp://www.secuobs.com/revue/news/561697.shtmlDeepsec 2014 - Introduction to and Survey of TLS Security2015-03-02 09:38:36 - SecurityTube.Net : This talk gives an introduction to the TLS protocol, basic understanding of cryptography and security principles which TLS relies on and surveys attacks and protocol flaws on TLS over the last two decades Upcoming security and privacy enhancements to TLS will be discussed as well as mitigation of various attack vectors and upcoming TLS standards It was held at DeepSec 2014 by Aaron Zauner For More Information Please Visit - https wwwdeepsecnet http://www.secuobs.com/revue/news/561696.shtmlhttp://www.secuobs.com/revue/news/561696.shtmlDeepsec 2014 - Cyber Security Information Sharing2015-03-02 09:38:36 - SecurityTube.Net : This presentation, held at DeepSec 2014, introduces the main problems that organizations face when sharing Cyber Security information and propose solutions that once implemented would enable the development of a comprehensive platform for Cyber Security information sharing The talk was held by Oscar Serrano NATO Communication and Information Agency Organizations operate increasingly in a coalition and federated environment and the necessity of relying on each other s information systems in such an environment increases the need to exchange various types of cyber security information, such as data on vulnerabilities, threats and incidents at both the strategic and tactical levels However, information sharing between partners remains a critical 
requirement that is only partly met by various approaches that do not deliver the required efficiency and effectiveness It is also becoming increasingly apparent that given the complexity of modern CIS and the speed at which cyber-attacks progress, there is a need to develop highly automated cyber security capabilities The ideal responses in a number of current and future cyber-attack scenarios rely on the use of automated processes Since automation is a function on a set of input data, the correctness of this input data is critical Input data must therefore be both comprehensive and accurate However, collecting and assuring the quality of the cyber security data required to support automation is a daunting task that few, if any, organisations can actually perform In a coalition environment, it is necessary to pool expert resources in a burden-sharing arrangement to collect and assure cyber security data It is also necessary to allow for the commercial outsourcing of this work For More Information Please Visit - https wwwdeepsecnet http://www.secuobs.com/revue/news/561695.shtmlhttp://www.secuobs.com/revue/news/561695.shtml New versions of Tails and Tor Browser fix numerous security issues2015-03-02 09:02:11 - Help Net Security : Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card It aims at preserving your privacy and anonymity Several security holes that affect Ta http://www.secuobs.com/revue/news/561679.shtmlhttp://www.secuobs.com/revue/news/561679.shtml Mobile security market to reach 348 billion by 20202015-03-02 07:49:49 - Help Net Security : BYOD is adopted by most SMBs and large organizations, a major reason for the adoption of mobile security software Smartphones are majorly adopted in Asia Pacific region and contributes largest revenu http://www.secuobs.com/revue/news/561677.shtmlhttp://www.secuobs.com/revue/news/561677.shtmlSecurity Slice Taxation With Misrepresentation2015-03-02 06:44:29 - Security 
Bloggers Network : Good news Federal tax return fraud is going down The bad news State filing fraud has risen 3700pourcents TurboTax briefly halted e-filings in in over a dozen states in response to the massive uptick of online fraud How can consumers protect themselves this tax season Listen to our latest security slice podcast and hear Craig Young and Lane Read More The post Security Slice Taxation With Misrepresentation appeared first on The State of Security IMAGE http://www.secuobs.com/revue/news/561673.shtmlhttp://www.secuobs.com/revue/news/561673.shtmlSunday Security Maxim2015-03-01 19:45:20 - Security Bloggers Network : IMAGE Thanks for Nothin Maxim A vulnerability assessment that finds no vulnerabilities or only a few is worthless and wrong - as compiled by Roger G Johnston, PhD, CPP, Argonne National Laboratory http://www.secuobs.com/revue/news/561649.shtmlhttp://www.secuobs.com/revue/news/561649.shtmlExpert discusses America's cyber security problem2015-03-01 15:42:04 - Computer Security News : Cyber security is now a subject that most Americans have become familiar with Major retailers and health insurance providers get hacked all the time and there are people that are figuring out ways to stop it http://www.secuobs.com/revue/news/561641.shtmlhttp://www.secuobs.com/revue/news/561641.shtmlSecurity site to bookmark securityerrataorg2015-03-01 01:52:55 - Security Bloggers Network : Controversial but worth-readingIn the past, guilds regulated and controlled the practice of a craft Securityerrataorg, an initiative from the attritionorg volunteer crew, aims to protect the information security profession from intrudersIn an almos http://www.secuobs.com/revue/news/561619.shtmlhttp://www.secuobs.com/revue/news/561619.shtmlSecurity Assumptions and the Real World2015-02-28 21:10:10 - Security Bloggers Network : Seeing a locked gate or door is not enough to accept safety All of us must begin asking questions, looking beyond what we want to see controls that make us 
feel safe like a properly configured firewall that does nothing to stop the implementation o http://www.secuobs.com/revue/news/561611.shtmlhttp://www.secuobs.com/revue/news/561611.shtmlSaturday Security Maxim2015-02-28 19:18:12 - Security Bloggers Network : Infinity Maxim There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered by the good guys or bad guys Comment http://www.secuobs.com/revue/news/561603.shtmlhttp://www.secuobs.com/revue/news/561603.shtmlCMSmap Content Management System Security Scanner2015-02-28 18:43:57 - Darknet The Darkside : http://www.secuobs.com/revue/news/561602.shtmlhttp://www.secuobs.com/revue/news/561602.shtmlBought PII from the government PLEASE DON T LOSE IT 60 Sec Security VIDEO 2015-02-28 16:11:58 - Security Bloggers Network : Here's the latest episode of our weekly computer security roundup The latest news presented so you can enjoy itin just one minute http://www.secuobs.com/revue/news/561597.shtmlhttp://www.secuobs.com/revue/news/561597.shtml We take the privacy and security of your information very seriously, Saturday edition2015-02-28 14:27:06 - Office of Inadequate Security : I ve been known to get a tad snarky about breach notification letters that begin with how the breached entity takes http://www.secuobs.com/revue/news/561592.shtmlhttp://www.secuobs.com/revue/news/561592.shtmlAZ Court clerk Security breach affects hundreds of court cases2015-02-28 00:07:05 - Office of Inadequate Security : Raquel Hendrickson reports A severe dereliction of duty is what Clerk of the Superior Court Amanda Stanford is calling a http://www.secuobs.com/revue/news/561541.shtmlhttp://www.secuobs.com/revue/news/561541.shtmlUber security breach may have affected up to 50,000 drivers2015-02-27 23:33:17 - Office of Inadequate Security : Tracey Lien reports Thousands of Uber driver names and driver s license numbers may be in the hands of an 
http://www.secuobs.com/revue/news/561535.shtml

Just-in-Time Security
2015-02-27 20:50:38 - Security Bloggers Network : Just-in-Time Security. I was but a wee lass back when the Just-in-Time movement achieved mainstream awareness in the US. Let me tell you, it was a big hit. Copyright 1996-2013 Juniper Networks, Inc. All rights reserved.
http://www.secuobs.com/revue/news/561526.shtml

Tevora Welcomes Decorated Navy Seal to Security Symposium at The Magic Castle
2015-02-27 20:16:28 - Security Bloggers Network : Tevora will be hosting the 2015 Information Security Symposium on Friday, March 13, bringing together IT security professionals for dinner and networking, followed by one of the most sought-after speakers in the nation, Navy SEAL Rob O'Neill. This event will take place at the exclusive, members-only club, The Magic Castle in Hollywood. Rob O'Neill is
http://www.secuobs.com/revue/news/561525.shtml

National Computer Security Incident Response Teams
2015-02-27 19:41:14 - Security Bloggers Network : National Computer Security Incident Response Teams. The post National Computer Security Incident Response Teams appeared first on SecurityOrb.com.
http://www.secuobs.com/revue/news/561524.shtml

Enterprise security What's new for the week of February 23, 2015
2015-02-27 17:18:37 - Security Bloggers Network : Here's what's new in Security Intelligence Zero-Day Coverage for HP TippingPoint for the week February 23, 2015
http://www.secuobs.com/revue/news/561509.shtml

What IT Professionals Say About
Security
2015-02-27 16:02:49 - Security Bloggers Network : IT Pros Speak About CompTIA Security+. After writing a blog post on Is Security Worth It, I reached out to past Security students for their opinions and posted the question as a poll to answer yes or no in the IT Professionals community on Google. The community contains over 160,000 members. After 232 votes, 19 comments, and several email responses I can draw three clear conclusions. 1. Yes if you want to work in the federal government. Department of Defense Directive 8570 (DoDD 8570) requires all full-time and part-time military service members, defense contractors, civilians and foreign employees with privileged access to a DoD system, regardless of job series or occupational specialty, to obtain a commercial certification credential that has been accredited by the American National Standards Institute (ANSI). The CompTIA Security+ certification is required for certain individuals. Comments from the Google poll agreed on this fact. However, for professionals working in the commercial sector, the certification may not help as much and prove unnecessary if you have significant cyber security experience. Who can say how much and what type of experience is enough to land you the right type of job? The accreditation may appear as entry-level or for the IT
http://www.secuobs.com/revue/news/561499.shtml

NYS Audit Office of Information Technology Services Security and Effectiveness of Department of Motor Vehicles Licensing and Registration Systems
2015-02-27 16:00:04 - Office of Inadequate Security : NYS's audit of its Office of Information Technology Services Division of Criminal Justice Services Core Systems
http://www.secuobs.com/revue/news/561497.shtml

Latest Security Research Reports February 27, 2015
2015-02-27 14:11:42 - Security Bloggers Network : The following are the most recent research reports by 451 analysts covering
information security. A 451 subscription is required to read a full report, if you do not have a subscription you can apply for a trial: https://451research.com/apply-for-trial Aruba Networks and the battle over NAC. In a space dominated by Cisco, Aruba Networks 2013 revival
http://www.secuobs.com/revue/news/561476.shtml

Audit Office of NYS Information Technology Services OITS Security and Effectiveness of Division of Criminal Justice Services Core Systems
2015-02-27 14:09:45 - Office of Inadequate Security : Auditors found that OITS does not have an established monitoring and oversight process for user access management of DCJS
http://www.secuobs.com/revue/news/561474.shtml

Security framework for governments deploying the cloud
2015-02-27 09:33:22 - Help Net Security : ENISA released a framework structured into four phases, nine security activities and fourteen steps that details the set of actions Member States should follow to define and implement a secure Gov Clo
http://www.secuobs.com/revue/news/561447.shtml

Security Slice Gone SuperFishing
2015-02-27 07:20:50 - Security Bloggers Network : There's something fishy about the Lenovo computers sold between September and December 2014. During this time period, Lenovo included an adware program called SuperFish, which injected third-party advertisements into users' web browsers without their permission. Simply put, the security community and consumers are outraged over this addition in their laptops. Just how serious is SuperFish? Read More. The post Security Slice Gone SuperFishing appeared first on The State of Security.
http://www.secuobs.com/revue/news/561420.shtml

Is Compliance Bad for Security?
2015-02-27 07:20:50 - Security Bloggers Network : Companies like mine, and consultants like me, have long been instructed and expected to pass on the
mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true. My Read More. The post Is Compliance Bad for Security appeared first on The State of Security.
http://www.secuobs.com/revue/news/561419.shtml

Deepsec 2014 - Why IT Security Is Fucked Up And What We Can Do About It
2015-02-27 07:18:29 - SecurityTube.Net : Stefan Schumacher is head of the Magdeburger Institut für Sicherheitsforschung (Magdeburg Institute for Security Research) and currently running a research programme about the psychology of security. At DeepSec 2014 he shares his thoughts on the state of information security with the audience. IT Security is in a miserable state. The problems have been discussed again and again without advancing IT Security. Discussing the key length of AES is necessary, but not the peak of IT Security, as long as users choose weak passwords, developers implement buffer overflows and vendors deliver faulty banana software. IT Security research did not adapt well to the challenges of IT security. Instead of focusing on fields like man-machine interaction, perception of security by users and developers or political measures like producer's liability, the same simple problems are discussed again and again. This is not surprising, since Computer Science is a trivial science and only successful because it ignores hard problems like human behaviour. This rant will give an overview about what's wrong in IT Security and Security Research. I will show you why cryptosystems really fail, what Psychology knows about security and what IT Sec has to do if it ever wants to break the current circle jerk and start generating more security. For More Information Please Visit - https://www.deepsec.net
http://www.secuobs.com/revue/news/561417.shtml

Deepsec 2014 -
Security Operations Moving to a Narrative-Driven Model
2015-02-27 07:18:29 - SecurityTube.Net : At DeepSec 2014 Josh Goldfarb (FireEye) held a presentation about the fundamental paradigm of security operations. The current security operations model is an alert-driven one. Alerts contain a snapshot of a moment in time and lack important context, making it difficult to qualify the true nature of an alert in a reasonable amount of time. On the other hand, narratives provide a more complete picture of what occurred and tell the story of what unfolded over a period of time. Ultimately, only the narrative provides the required context and detail to allow an organization to make an educated decision regarding whether or not incident response is required, and if so, at what level. This talk presents the Narrative-Driven Model for incident response. For More Information Please Visit - https://www.deepsec.net
http://www.secuobs.com/revue/news/561408.shtml

Deepsec 2014 - Safer Six - IPv6 Security in a Nutshell
2015-02-27 07:18:29 - SecurityTube.Net : At DeepSec 2014 Johanna Ullrich (SBA Research) presents findings on the deployment and the state of affairs regarding information security and IPv6. The history of computers is full of underestimation: 640 kilobyte, 2-digit years, and 32-bit Internet addresses. IPv6 was invented to overcome the latter as well as to revise other drawbacks and security vulnerabilities of its predecessor IPv4. Initially considered the savior in terms of security because of its mandatory IPsec support, it turned out not to be the panacea it was thought to be. Outsourcing security to IPsec but eventually removing it as well as other design decisions led to a number of vulnerabilities. They range from the already known spoofing of answers to link-layer address requests to novel possibilities regarding node tracking. In an effort to fix them, a vast amount of updates have been introduced. This talk discusses security and privacy
vulnerabilities with regard to IPv6 and their current countermeasures. Further, we focus on three remaining challenges for IPv6 security, namely address assignment and structure, securing local network discovery, and address selection for reconnaissance. For More Information Please Visit - https://www.deepsec.net
http://www.secuobs.com/revue/news/561406.shtml

Deepsec 2014 - Memory Forensics and Security Analytics - Detecting Unknown Malware
2015-02-27 07:18:29 - SecurityTube.Net : Fahad works with UBS AG, where he is a lead architect with the Security Analytics team. His other areas of expertise include Malware Reverse Engineering and Memory Forensics. At DeepSec 2014 he held a presentation about detecting unknown malicious software by means of memory forensics. The main purpose of the presentation is to show the audience how open-source tools can be used to develop an in-house automated Memory Forensics Solution, which has the capability to detect 'unknown' malware. I will show a demo of this solution, and how it can be used to find 'unknown' malware. This solution is based on my personal research. The idea is to spend 20 mins on the presentation piece and 10-15 minutes on the demo, leaving 5-10 minutes on the Q&A. I will start with a quick introduction to the concept of Unknown Malware, followed by recent trends in malware detection. The 'On-Host Forensics' is latest development, with tools like Mandiant Redline, Carbon Black, Bromium becoming popular. These tools provide 'Host Based' malware detection capabilities relying on Memory Forensics techniques. Memory Forensics has been a traditional Incident response technique. With latest tools many of the Manual steps involved in Memory Analysis can be automated. Malware can be detected based on intelligence feeds or statistical analysis by 'On-host Forensics' tools. While each of these tools have their strengths, I would like to show how open source tools like 'Volatility' can be utilized to
extract memory fragments automatically and feed this data to an analytics engine. My analytics engine is based on SQL server, capable of processing data from 100s of machines simultaneously. In this POC solution, the clients send their Memory Analysis from Volatility every 30 minutes and the analytics engine processes data through automated jobs. Approach one - Traditional way of finding malware, using Threat Intelligence and IOCs. I will simulate a Threat Intelligence feed, and show how my solution can be used to detect malware based on data received from OpenIOC or Cybox. Approach Two - Finding Malware by benchmarking your environment. I will perform analysis on Memory fragments to identify changes on the hosts using Security Analytics Engine. The engine keeps track of changes on the host and identifies anomalies by comparing against last known state. For More Information Please Visit - https://www.deepsec.net
http://www.secuobs.com/revue/news/561399.shtml

Wyndham Third Circuit Requests Briefing on Whether FTC Declared Unreasonable Cybersecurity Practices Are Unfair
2015-02-27 02:54:24 - Office of Inadequate Security : Katherine Gasztonyi writes On February 20, the Third Circuit sent a letter to counsel in FTC v. Wyndham Worldwide Corp.,
http://www.secuobs.com/revue/news/561390.shtml

16 CISOs and Security Leaders You Should be Following on Twitter
2015-02-26 21:34:37 - Security Bloggers Network : A few months ago we published an article, 21 AppSec Security Gurus You Should Be Following on Twitter, and even we were surprised with the buzz it created. It seems we had hit a chord with our readers, who are apparently pining for new security people to follow on The post 16 CISOs and Security Leaders You Should be Following on Twitter appeared first on
http://www.secuobs.com/revue/news/561370.shtml

Schneier Everyone Wants You To Have Security, But Not
From Them
2015-02-26 21:08:56 - Slashdot Your Rights Online : An anonymous reader writes Bruce Schneier has written another insightful piece about how modern tech companies treat security. He points out that most organizations will tell you to secure your data while at the same time asking to be exempt from that security. Google and Facebook want your data to be safe on their servers so they can analyze it. The government wants you to encrypt your communications as long as they have the keys. Schneier says, we give lots of companies access to our data because it makes our lives easier. The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices. We want our data to be secure, but we want someone to be able to recover it all when we forget our password. We'll never solve these security problems as long as we're our own worst enemy.
http://www.secuobs.com/revue/news/561368.shtml

Vulnerable security software
2015-02-26 16:55:17 - Security Bloggers Network : Last week the Superfish debacle became news and PC manufacturer Lenovo was slammed for pre-installing adware on new laptops. Since then I've had people ask me about how dangerous this stuff actually is and whether or not security software that wor
http://www.secuobs.com/revue/news/561336.shtml

DHS Licenses Malware Detection Tech to Cyber Security Company
2015-02-26 16:55:17 - Security Bloggers Network : Hyperion, a malware forensics detection and software assurance technology developed by Oak
Ridge National Laboratory, has been licensed by the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) for market commercial
http://www.secuobs.com/revue/news/561335.shtml

Ramp with 5 Levels CISSP 2015 Update Security Engineering
2015-02-26 15:44:03 - Security Bloggers Network : The CISSP 2015 Update brings new viewpoints on the key domains covered in this certification. The CISSP is already one of the broadest of all certs in that the amount of information it covers in Go on to the site to read the full article
http://www.secuobs.com/revue/news/561323.shtml

Everyone Wants You To Have Security, But Not from Them
2015-02-26 15:10:19 - Security Bloggers Network : In December, Google's Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: "If you have important information, the safest place to keep it is in Google. And I can assure you that the safest place to not keep it is anywhere else." That surprised me, because Google collects all of your information to show you more targeted advertising. Surveillance is the business model of the Internet, and Google is one of the most successful companies at that. To claim that Google protects your privacy better than anyone else is to profoundly misunderstand why Google stores your data for free in the first place. I was reminded of this last week when I appeared on Glenn Beck's show along with cryptography pioneer Whitfield Diffie. Diffie said: You can't have privacy without security, and I think we have glaring failures in computer security in problems that we've been working on for 40 years. You really should not live in fear of opening an attachment to a message. It ought to be confined; your computer ought to be able to handle it. And the fact that we have
persisted for decades without solving these problems is partly because they're very difficult, but partly because there are lots of people who want you to be secure against everyone but them. And that includes all of the major computer manufacturers who, roughly speaking, want to manage your computer for you. The trouble is, I'm not sure of any practical alternative. That neatly explains Google. Eric Schmidt does want your data to be secure. He wants Google to be the safest place for your data as long as you don't mind the fact that Google has access to your data. Facebook wants the same thing: to protect your data from everyone except Facebook. Hardware companies are no different. Last week, we learned that Lenovo computers shipped with a piece of adware called Superfish that broke users' security to spy on them for advertising purposes. Governments are no different. The FBI wants people to have strong encryption, but it wants backdoor access so it can get at your data. UK Prime Minister David Cameron wants you to have good security, just as long as it's not so strong as to keep the UK government out. And, of course, the NSA spends a lot of money ensuring that there's no security it can't break. Corporations want access to your data for profit; governments want it for security purposes, be they benevolent or malevolent. But Diffie makes an even stronger point: we give lots of companies access to our data because it makes our lives easier. I wrote about this in my latest book, Data and Goliath: Convenience is the other reason we willingly give highly personal data to corporate interests, and put up with becoming objects of their surveillance. As I keep saying, surveillance-based services are useful and valuable. We like it when we can access our address book, calendar, photographs, documents, and everything else on any device we happen to be near. We like services like Siri and Google Now, which work best when they know tons about you. Social networking apps make it easier to hang out with
our friends. Cell phone apps like Google Maps, Yelp, Weather, and Uber work better and faster when they know our location. Letting apps like Pocket or Instapaper know what we're reading feels like a small price to pay for getting everything we want to read in one convenient place. We even like it when ads are targeted to exactly what we're interested in. The benefits of surveillance in these and other applications are real, and significant. Like Diffie, I'm not sure there is any practical alternative. The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices. Those someones will necessarily be able to violate our privacy, either by deliberately peeking at our data or by having such lax security that they're vulnerable to national intelligence agencies, cybercriminals, or both. Last week, we learned that the NSA broke into the Dutch company Gemalto and stole the encryption keys for billions (yes, billions) of cell phones worldwide. That was possible because we consumers don't want to do the work of securely generating those keys and setting up our own security when we get our phones; we want it done automatically by the phone manufacturers. We want our data to be secure, but we want someone to be able to recover it all when we forget our password. We'll never solve these security problems as long as we're our own worst enemy. That's why I believe that any long-term security solution will not only be technological, but political as well. We need laws that will protect our privacy from those who obey the laws, and to punish those who break the laws. We need laws that require those entrusted with our data to protect our data. Yes, we need
better security technologies, but we also need laws mandating the use of those technologies. This essay previously appeared on Forbes.com.
http://www.secuobs.com/revue/news/561314.shtml

Defending Against Web App Attacks Using ModSecurity
2015-02-26 12:55:04 - SecurityTube.Net : Jason Wood presents on Defending Against Web App Attacks using the Free ModSecurity tool. For More Information Please Visit - https://www.secureideas.com
http://www.secuobs.com/revue/news/561280.shtml

Get Off-Network Security With OpenDNS's Roaming Client
2015-02-26 12:20:22 - OpenDNS Blog : Our mission at OpenDNS is to secure our customers' networks on any device, anytime, anywhere. Our Roaming Client product allows you to work safely off-network at coffee shops, airports, or anywhere else you might take your laptop. How Does the Roaming Client Work? The Roaming Client works by securely directing DNS queries bound for the Internet The post Get Off-Network Security With OpenDNS's Roaming Client appeared first on OpenDNS Blog.
http://www.secuobs.com/revue/news/561277.shtml

The business and social impacts of cyber security issues
2015-02-26 11:49:34 - Help Net Security : With multiple recent high profile attacks targeting household names and large employers, individuals increasingly fear cyber crime and its resulting consequences at work as well as at home, according
http://www.secuobs.com/revue/news/561273.shtml

Healthcare security spending to reach US$10 billion by 2020
2015-02-26 08:57:12 - Help Net Security : The healthcare sector is ill-prepared for the new cyberage. Hospitals, clinics, trusts, and insurers are under attack from malicious online agents. The value of personal health information, made more
http://www.secuobs.com/revue/news/561258.shtml

Cloud Security Lands in
Seattle
2015-02-26 00:48:49 - Security Bloggers Network : With the high concentration of cloud and technology companies, Seattle is a natural fit for Alert Logic's sixth office, which houses members of our engineering, sales, business development, The post Cloud Security Lands in Seattle appeared first on Alert Logic.
http://www.secuobs.com/revue/news/561200.shtml

Security Sense Superfish and Nasty Root Certs Are Bad, but It's Worse than That
2015-02-25 21:06:38 - Security Bloggers Network : Is Superfish really that bad? By now we've come to expect what is uncharitably referred to as crapware on a new machine. Isn't this just more of the same? No, this is in a class of its own and not because of the technology itself, but rather because of what it signals both on Lenovo's behalf and that of the industry in general. read more
http://www.secuobs.com/revue/news/561174.shtml

Web Security for the Tech-Impaired Passwords that Pass the Test
2015-02-25 21:06:38 - Security Bloggers Network : In my last post, The Dangers of Email, I explored ways that folks who are less than technically savvy can practice good email security hygiene. Today we'll get into a somewhat controversial subject: passwords. You use them everyday to log in to your bank account, credit card, Amazon, the list goes on and on.
http://www.secuobs.com/revue/news/561173.shtml

OS X and iOS vulnerabilities top security vulnerability chart, far ahead of Windows
2015-02-25 20:30:58 - Security Bloggers Network : Every vulnerability found may be good news (it's been found), but it's also a failure of quality control and testing. Are you surprised to see OS X and iOS top the chart? Read more in my article on the Intego Mac Security blog.
http://www.secuobs.com/revue/news/561166.shtml

Tevora To Host Happy Hour Focused on Data Security and
Encryption
2015-02-25 18:33:32 - Security Bloggers Network : Tevora and Vormetric are hosting a networking happy hour for IT security professionals on Wednesday, February 25, starting at 4:30 pm, at OHSO Eatery nanoBrewery in Phoenix. Security officers will enjoy local beer culture, network with IT peers and discuss what's most current in data security and encryption. This event is
http://www.secuobs.com/revue/news/561148.shtml

Kaspersky Labs Launches Online Accelerator For Security Startups
2015-02-25 16:03:43 - Security Bloggers Network : The Security Startup Challenge (SSC), is part accelerator, part startup competition, and also has Mangrove Capital Partners and Russian VC firm, the ABRT Fund, putting money behind it. It follows the recent launch of a cyber security accelerator i
http://www.secuobs.com/revue/news/561119.shtml

Michael DeCesare, former president of Intel Security, is named Chief Executive Officer of ForeScout
2015-02-25 15:03:12 - Global Security Mag Online : ForeScout Technologies, Inc. has appointed Michael P. DeCesare, an IT industry pioneer and former president of Intel Security, as CEO. His role within ForeScout's management team will help accelerate the company's growth in the IT security sector. He will take up his duties as CEO on 2 March 2015. DeCesare has more than 20 years of corporate leadership experience in the security sector. During his two previous terms at the head - Business
http://www.secuobs.com/revue/news/561109.shtml

BSides Tampa 2015 - What is a security analyst and what job role will they perform
2015-02-25 12:53:24 - SecurityTube.Net : James Risler discusses the complex nature of learning how to identify threats and intrusions on the network with the variety of technology products and SIEM tools available. The responsibilities often
include the following areas: monitoring, traffic analysis, event and alarm handling, and incident response. Finally, we will conclude with looking at some cyber attacks and how a security analyst could have helped identify the attack. For More Information Please Visit - http://bsidestampa.net http://www.irongeek.com/i.php?page=videos/bsidestampa2015/mainlist
http://www.secuobs.com/revue/news/561075.shtml

BSIDES TAMPA 2015 - CYBER SECURITY AWARENESS FOR HEALTHCARE PROFESSIONALS
2015-02-25 12:53:24 - SecurityTube.Net : The confidentiality and safekeeping of personal health information (PHI) has become a globally acknowledged issue and concern. Regardless the regulatory implementation, legislation and enforcement of the law protecting PHI, the degree of risk tolerated by entities managing patient health information is resulting in even more pressing and dynamic efforts to protect the information. Regrettably, with the mandate of EMR implementation, HIPAA/HITECH compliance, and its related evolving Information technology (IT) complexity, the task is becoming increasingly difficult and challenging. Not only have these high-tech innovations advanced the healthcare industry into an era of high-speed information exchange, but increased its vulnerability to exposure thus compromising PHI. The best security technology in the world can't help you unless healthcare professionals understand their roles and responsibilities in safeguarding sensitive data and protecting the patients and company resources. This will involve putting practices and policies in place that promote security and training employees to be able to identify and avoid risks. The audience will understand that an appropriate and relevant For More Information Please Visit - http://bsidestampa.net http://www.irongeek.com/i.php?page=videos/bsidestampa2015/mainlist
http://www.secuobs.com/revue/news/561073.shtml

OFFENSIVE COMPUTER SECURITY LECTURES - 24
Volatility and Forensics
2015-02-25 12:53:24 - SecurityTube.Net : Old video covering Volatility and performing forensic analysis on hacked machines. Resources: PDF - https://docs.google.com/presentation/d/1Q29K-gXu2Q-Ttjyuav-tcUJT4RV-UGU_Tncmxnc8ihU/edit?usp=sharing For More Information Please Visit - http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity
http://www.secuobs.com/revue/news/561072.shtml

OFFENSIVE COMPUTER SECURITY LECTURES - 25 Revisiting Old Topics
2015-02-25 12:53:24 - SecurityTube.Net : Wrapping up the course, revisiting old topics (stack cookies) and going in depth on how they are bypassed, covering the SSL bugs, digitally signed malware, and then the big picture. Resources: PDF - https://docs.google.com/presentation/d/1dXisse51sjDIaxXLi1DTIXomzKO16tKFMXUdPYnMJWE/edit?usp=sharing For More Information Please Visit - http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity
http://www.secuobs.com/revue/news/561071.shtml

OFFENSIVE COMPUTER SECURITY LECTURES - 26 Social Engineering
2015-02-25 12:53:24 - SecurityTube.Net : Week 15 (Last Week): Physical Security and Social Engineering. For More Information Please Visit - http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity
http://www.secuobs.com/revue/news/561070.shtml

BSides Tampa 2015 - Teaching Kids and Even Some Adults Security Through Gaming
2015-02-25 12:53:24 - SecurityTube.Net : Wanna teach your kid to be a hacker but don't know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career or at least make our children a
more security-conscious adult in whatever field they choose. For More Information Please Visit - http://bsidestampa.net http://www.irongeek.com/i.php?page=videos/bsidestampa2015/mainlist
http://www.secuobs.com/revue/news/561069.shtml

Vigilance - Cisco Prime Security Manager Cross Site Scripting, analysed on 10/02/2015
2015-02-25 11:55:07 - Vigilance vulnérabilités publiques : An attacker can trigger a Cross Site Scripting in Cisco Prime Security Manager, in order to execute JavaScript code in the context of the web site.
http://www.secuobs.com/revue/news/561061.shtml

CLUSIF announces the creation of a new working group dedicated to deploying a Security Operation Center (SOC)
2015-02-25 11:22:07 - Global Security Mag Online : Detecting, containing and handling security incidents within a centralised unit turns out to be a project that is both complex and strategic. To help companies meet this challenge, CLUSIF has decided to create a working group on the theme How to successfully deploy a Security Operation Center. Made up of more than twenty members of the association from all sectors of activity, this working group aims to write a good-practice guide listing the - Business
http://www.secuobs.com/revue/news/561057.shtml

Addressing cybersecurity business disruption attacks
2015-02-25 09:49:36 - Help Net Security : Although the frequency of a cybersecurity attack on a large scale is low, by 2018, 40 percent of large enterprises will have formal plans to address aggressive cybersecurity business disruption attack
http://www.secuobs.com/revue/news/561036.shtml

Known weaknesses plague the security threat landscape
2015-02-25 09:49:36 - Help Net Security : Well-known issues and misconfigurations contributed to the most formidable
threats in 2014, according to HP Security Research Many of the biggest security risks are issues we ve known about for http://www.secuobs.com/revue/news/561035.shtmlhttp://www.secuobs.com/revue/news/561035.shtmlA Comparative Cyber Study of National Security Strategies UK and the US2015-02-25 07:36:23 - Security Bloggers Network : Recently, Tripwire published a study on the use of the term cyber in the United States National Security Strategy NSS documents This analysis reveals that each NSS report has used the word cyber more frequently than its immediate predecessor It also demonstrates how the meaning of cyber has diversified and evolved over time I Read More The post A Comparative Cyber Study of National Security Strategies UK and the US appeared first on The State of Security IMAGE http://www.secuobs.com/revue/news/561029.shtmlhttp://www.secuobs.com/revue/news/561029.shtmlNZ Kiwibank cancels eftpos cards over security breach scare2015-02-25 03:32:47 - Office of Inadequate Security : ONE News reports Kiwibank is contacting at risk customers after a machine was compromised ONE News http://www.secuobs.com/revue/news/560996.shtmlhttp://www.secuobs.com/revue/news/560996.shtmlSecurity Advisory WP-Slimstat 395 and lower2015-02-25 01:03:33 - Sucuri Blog : Advisory for WP-Slimstat Security Risk Very high Exploitation level Remote DREAD Score 8 10 Vulnerability Weak Cryptographic keys leading to SQL injections Patched Version 396 WP-Slimstat s users should update as soon as possible During a routine audit for our WAF, we discovered a security bug that an attacker could, by breaking the plugin s weak secret key, use to perform a SQL Read More http://www.secuobs.com/revue/news/560989.shtmlhttp://www.secuobs.com/revue/news/560989.shtmlGrowing Interest in Bro Helps Security Professionals Watch over Their Networks2015-02-24 21:35:01 - OpenDNS Blog : Having sufficient insight about events in your network can help first responders prioritize threats and respond correctly, 
saving time and personnel resources always in short supply, especially for smaller shops One of the tools that can help security practitioners gain this insight is Bro, a network monitoring platform Last week, OpenDNS hosted the inaugural Bro4Pros workshop, The post Growing Interest in Bro Helps Security Professionals Watch over Their Networks appeared first on OpenDNS Blog http://www.secuobs.com/revue/news/560969.shtmlhttp://www.secuobs.com/revue/news/560969.shtmlHow to Talk to Executives About Risk-Based Security Policies2015-02-24 17:13:58 - Blog : How to Talk to Executives About Risk-Based Security PoliciesHow do you communicate risk to C-suite executives The question plagues IT departments nationwide as threats like the recent Sony hack and Backoff POS malware, plus vulnerabilities such as Heartbleed and Shellshock, make it increasingly difficult to keep corporate IT assets safe Creating a risk-based security policy is made even more complex when internal software development is considered Should projects be pushed to market before more flaws are discovered, or put on the back burner until more comprehensive solutions can be found Here are three key talking points to bolster boardroom security buy-in 1 It's All Relative As a recent Computer Weekly article noted, even national governments are starting to sit up and notice that IT security cannot be confined to IT departments alone According to Francis Maude, minister for the UK Cabinet Office, information security is an issue for the boardroom If you sit on the board and you don't have your chief security officer's number on your phone, now is the time to add it He argues that all companies, large or small, face the same threats As a result, it's crucial that C-suite executives buy into risk-based security policies that extend beyond compliance Though according to Pejman Pourmousa, Veracode's director of program management, tech executives struggle to communicate risk and get buy-in from an organization top 
down until a breach happens Why Because, more often than not, there's a shared sense that breaches and similar issues can only happen to someone else As long as executives believe their networks haven't been breached, they'll continue to view them as secure More worrisome If IT security professionals can show potential risk, there is typically pushback that this risk may cause the speed to market on products to slow as they need to make fixes Put simply, everything is relative It's the job of IT professionals to communicate immediate risk without seeming paranoid or terrified So, how do you achieve this balance 2 More Than Compliance A good starting point for the risk-based security discussion is compliance From PCI to HIPAA, ISO IEC 27002 and even the BITS Shared Assessment Program, meeting compliance standards is an essential part of defining a secure network perimeter Pourmousa notes, however, that compliance is only one aspect of application security Companies should also implement their own internal standards and policies for applications based on their security levels It's also important to remember that both compliance and application security are ongoing processes and will not reach their full potential in their first quarter or even first year Instead, businesses would do well to identify critical applications for example, those that are public facing, deal with personally identifiable information or are critical to business function and focus efforts there Creating what Pourmousa describes as a consumable and actionable plan toward compliance not only gives scope to the discussion of IT security in the boardroom, but also sets up a way to go beyond compliance and drill down to risk-based application security itself If IT professionals can demonstrate a marked progression toward compliance with a two- or three-year plan, the idea of a similar approach to app use and development security doesn't seem so daunting 3 Sell the Plan Pourmousa's biggest piece of 
advice Sell the plan, not the risk Too many IT experts fall into the trap of trying to convince executives that security threats are both real and prevalent, which amounts to little more than calling out oversights by C-suite executives something unlikely to win supporters or budgetary favor Instead, the conversation needs to center around the idea of identifying risks as soon as possible while simultaneously having a remediation plan in place When the discussion is framed around an organization's ability to stay ahead of risk rather than simply manage it, boardrooms become much more receptive Ultimately, Pourmousa points to security programs that leverage a combination of internal expertise and third-party experts to put the proper testing and remediation checkpoints into the development cycle that enable firms to identify risk and develop plans to reduce it As Pourmousa contends, these plans are the most successful So how do IT professionals convince boardrooms to buy into and focus on risk-based security It's all about the conversation Start by identifying key areas of risk along with relevant, close-to-home examples Next, detail any compliance efforts underway and draw a parallel between existing long-term programs and a similar role for risk-based assessment Finally, sell a plan of action that targets these risks directly rather than simply pointing them out, and come prepared with a list of reputable security partners The ideal result A boardroom that's on board with your plan and IT staff members who have the confidence in their abilities to design, test and release secure software Sounds like a win-win Photo Source Bigstock http://www.secuobs.com/revue/news/560938.shtmlhttp://www.secuobs.com/revue/news/560938.shtmlCybersecurity and Artificial Intelligence A Dangerous Mix2015-02-24 15:29:13 - Security Bloggers Network : Artificial Intelligence would be the biggest event in human history Artificial Intelligence explores the possibility to create intelligent 
systems that can reason and think like human beings Go on to the site to read the full article http://www.secuobs.com/revue/news/560916.shtmlhttp://www.secuobs.com/revue/news/560916.shtmlFinancial Industry Regulatory Authority Report on Cybersecurity Practices2015-02-24 15:27:14 - Office of Inadequate Security : via BeSpacific FINRA Report on Cybersecurity Practices, February 2015 Executive Summary Like many organizations in the http://www.secuobs.com/revue/news/560915.shtmlhttp://www.secuobs.com/revue/news/560915.shtml2014 Annual Security Roundup Magnified Losses, Amplified Need for Cyber-Attack Preparedness2015-02-24 14:51:29 - TrendLabs Security Intelligence Blog : 2014 was a year where cybercriminal attacks crippled both likely and unlikely targets A year rife with destructive attacks, 2014 proved to be a difficult one for individuals and companies who were victimized by these threats Massive data breach disclosures came one after another in 2014 in much more rapid succession than past years The Post from Trendlabs Security Intelligence Blog - by Trend Micro 2014 Annual Security Roundup Magnified Losses, Amplified Need for Cyber-Attack Preparedness http://www.secuobs.com/revue/news/560908.shtmlhttp://www.secuobs.com/revue/news/560908.shtmlIf you want better security employ women If you want to win the cyberwar employ women The evidence indicates that they are better at both2015-02-24 14:14:22 - Security Bloggers Network : That female ability to maintain security while also fighting and winning a cyberwar can also be seen with regard to the team which broke the Abwehr enigma codes, thus enabling the Double Cross operations without which the relatively bloodless D-Day landings might have been impossible http://www.secuobs.com/revue/news/560899.shtmlhttp://www.secuobs.com/revue/news/560899.shtmlClavister Demonstrates Next Generation NFV-based Network Security Solution for Mobile Operators2015-02-24 14:00:53 - Computer Security News : Backhaul and GRX Security 
Gateway, is a complete NFV-based software package providing mobile network operators with a range of solutions to provide robust security to 4G and LTE mobile cores, for network operators The Clavister LTE Backhaul Security solution enables the flexible deployment of IPsec encryption and firewalling at scale to secure mobile data traffic from cell sites to the network core http://www.secuobs.com/revue/news/560891.shtmlhttp://www.secuobs.com/revue/news/560891.shtmlReport on an Evaluation of Application Security Assessment Vendors2015-02-24 10:50:59 - Security Bloggers Network : Forrester Research published an evaluation of a dozen application security vendors in December The researchers reviewed the market to identify application security assessment vendors that offer multiple capabilities, provide easy deploymen http://www.secuobs.com/revue/news/560872.shtmlhttp://www.secuobs.com/revue/news/560872.shtmlMonitoring of WordPress Failed Logins Improved in WP Security Audit Log 142015-02-24 10:50:59 - Security Bloggers Network : Version 14 of WP Security Audit Log is available for download The major feature highlight for this new version is the much improved monitoring of WordPress failed logins, where the plugin reports the username being attacked allowing you, the WordPress administrator to take evasive actions and avoid having your WordPress hacked The post Monitoring of WordPress Failed Logins Improved in WP Security Audit Log 14 appeared first on WP White Security Related posts 1 Enhanced Monitoring of WordPress Failed Logins with WP Security Audit Log Plugin 2 Accurate WordPress Monitoring with WP Security Audit Log Plugin 3 WP Security Audit Log Improved Support for High Traffic WordPress Websites http://www.secuobs.com/revue/news/560871.shtmlhttp://www.secuobs.com/revue/news/560871.shtmlData Security Earns Its Seat at the Table as a Board Level Issue Mitigating Security Threats for Retail and Financial Services2015-02-24 10:16:46 - Security Bloggers Network : It 
s no surprise that every company's data is vulnerable to hackers. As a result, implementing strong data security practices should be an obvious priority for enterprises. According to our 2015 Insider Threat Report, data breach protection has replaced meeting compliance standards as the number one security priority for companies. Organizations are going in the right direction with over 40 percent reporting that they have experienced a data breach in the past year, this reprioritization couldn't come at a better time. Retail The post Data Security Earns Its Seat at the Table as a Board Level Issue Mitigating Security Threats for Retail and Financial Services appeared first on Data Security Blog Vormetric http://www.secuobs.com/revue/news/560866.shtml

'Secure' advertising tool PrivDog compromises HTTPS security 2015-02-24 09:28:24 - Computer Security News : New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo. http://www.secuobs.com/revue/news/560863.shtml

Video Review Emsisoft Internet Security vs 500 malware samples 2015-02-24 08:34:36 - Security Bloggers Network : See for yourself how Emsisoft Internet Security 9 performs against hundreds of brand new malware samples. Related Posts Video Review Emsisoft Internet Security 9 scores 100% Two new Youtube reviews Flawless result for Emsisoft Internet Security Pack on Emsisoft awarded Top Rated Product of 2014 by The Emsisoft Emergency Kit is a Komputerswiat Editor's http://www.secuobs.com/revue/news/560861.shtml

BSides Tampa 2015 - Bug Bounties and Security Research 2015-02-24 06:50:33 - SecurityTube.Net : From Weev to
Microsoft's Bug Bounty, organizations have to understand how their organization deals with security in a world that appears to have gone mad We used to know that an attack coming from the outside world was malicious Now we have to determine if its just another security researcher and if we want to actually invite these people to test our systems In this talk, Kevin Johnson of Secure Ideas will explore the ideas behind bug bounties and security research He will discuss ways that your organization can adjust and how to determine if this makes sense to you For More Information Please Visit - http bsidestampanet http://www.secuobs.com/revue/news/560841.shtmlhttp://www.secuobs.com/revue/news/560841.shtmlBSides Tampa 2015 - Vendor Induced Security Issues2015-02-24 06:50:33 - SecurityTube.Net : During the last few years we have seen a growing trend with vulnerable vendor technologies being used during breaches Open HVAC systems, poorly designed POS terminals, and insecure web applications seem to be rampant but is this really the case In short, yes and it doesn t stop there In this talk Dave will discuss some of the prevalent vendor induced issues he has found in public networks Hackers are not only using vulnerable vendor technologies to gain access, but as a proxy to attack others Vendor due diligence is always a boring part of the security program, but after this talk you understand why you need to verify those who hold the keys to your network For More Information Please Visit - http bsidestampanet http://www.secuobs.com/revue/news/560838.shtmlhttp://www.secuobs.com/revue/news/560838.shtmlPalo Alto startup points fingers over Lenovo ad software security flaws2015-02-24 03:47:16 - Computer Security News : A little-known Silicon Valley startup was caught in a firestorm of criticism this week for making software that exposed Lenovo laptop users to hackers bent on stealing personal information But Superfish has also won praise for producing visual search technology that 
many see as the next big thing in online shopping http://www.secuobs.com/revue/news/560831.shtmlhttp://www.secuobs.com/revue/news/560831.shtmlWill High-Tech Bank Heist Change How Enterprises View Security 2015-02-23 21:11:04 - Blog : Kaspersky Lab has released reports stating that bank hackers stole millions via malware The initial reports indicated that hackers stole approximately 1 billion from over 100 banks in 25 countries including the United States although now FS-ISAC claims no US banks were impacted Whether or not US banks were hit isn t the most interesting point What is interesting is how the cybercriminals infiltrated the banks they did breach, and what they stole As with many of the large breaches we ve seen in the past year, the cybercriminals used a variety of techniques as part of their infiltration strategy It started with phishing attacks that introduced malware Carbanak , which exploited a vulnerability in Microsoft Office products The cybercriminals then reportedly monitored bank employees activities and used the information gathered to steal upwards of a billion dollars from the banks That is the interesting part they stole directly from the banks, in some cases causing ATM machines to spurt money money the cybercriminals didn t even collect Cybercriminals normally attack banks, retailers, healthcare institutions, insurers and other types of companies with the intent of stealing customer data for use in identity theft This time, they stole directly from the banks, making the banks the end victim The fact that the cybercriminals didn t move on to steal customer data, and that the funds ejected from ATMs were picked up by lucky bystanders, make me wonder what the hackers real goals are but that is a totally different post and one based purely on speculation Typically, when large-scale breaches occur, the organization that was breached feels the repercussions in terms of negative press, as well as a general loss of confidence from consumers 
However, calculating the full impact of a breach has been challenging and fraught with inaccuracies, and the enterprise is usually able to recover With cybercriminals now targeting the enterprise itself for theft of money, rather than just information, I wonder if this will spur enterprises to reassess their security programs and work harder to secure the attack vectors most used by cybercriminals For example, the Verizon 2014 Data Breach Investigations Report found that web applications are now the number one attack vector for successful breaches However, as IDG recently found, the majority of web applications are not assessed for critical security vulnerabilities Will we see an increase in interest around this topic now that enterprises pocketbooks are directly impacted What do you think Will the change in cybercriminals MOs change the discussion around enterprise security Is your company already assessing the security of its web applications What about the applications from third-party vendors http://www.secuobs.com/revue/news/560808.shtmlhttp://www.secuobs.com/revue/news/560808.shtmlBusiness owners rejoice you can now get business-grade security for free from Avast2015-02-23 20:12:10 - Security Bloggers Network : Avast is pleased to offer the World s First Free Business-Grade Security to small and medium-sized businesses In a move that will make a difference to the security of local businesses across the USA and the UK, Avast launches Avast for Business a free, easy to use, cloud-managed security offering that protects small to medium-sized businesses SMBs http://www.secuobs.com/revue/news/560804.shtmlhttp://www.secuobs.com/revue/news/560804.shtmlRaise the Gates 3 Tips for Stronger Password Security2015-02-23 19:22:34 - Blog : Raise the Gates 3 Tips for Stronger Password SecurityPassword security is one of the hottest, longest-standing topics in today's world of digital security, and it's no wonder These single, self-contained words and phrases give users 
access to a wide breadth of info, powerful systems and functions that enterprise employees need in their daily jobs Of course, all that power makes them points of intense interest for black-hat attackers and more civic-minded security researchers, albeit for very different reasons While different technological advancements biometric thumb and eye scanners, wearable secondary gadgets like Android Wear, etc have threatened to overtake the password in recent years, none have surpassed it as the standard means of authentication For better or worse, we're likely stuck with passwords for a while so keeping them secure on both the provider and user ends is your best bet Why Is Password Security Important Passwords are points of entry Wherever there is one, there's more than likely someone trying to figure it out for illicit means In your enterprise, that could indicate any number of things An employee trying to access admin accounts to make unauthorized changes, for instance, or an outside attacker looking for personal data to steal and sell Furthermore, while common sense tells us it takes access to a high-level account to do high-level damage, that's frequently not the case Gaining unauthorized access into a given system is often a game of guesswork Information discovered in the least privileged user's account might be what an attacker needs to gain access to an admin's credentials Then there's the stuff that comes after the attack While you can't always guess what unauthorized visitors do with their access, it's almost always unsavory info that could damage a business's standing or ability to negotiate, for example To sum all this up, password security is critical and requires dedication Here are three things providers and users can do to ensure stronger password security 1 Require complex passwords The longer and more complex the password, the better On the admin side, this can mean any number of things You might require numbers, special characters, caps and lowercase 
letters You could also tell users to make longer passwords or even turn whole sentences into phrases Some administrators even give users options Those who prefer shorter passwords might have to change their codes every 30 days, for example, while those using passphrases can wait 60 or 90 days instead Two-factor authentication plays a role here as well By requiring users to authenticate themselves beyond a simple password, you make things much more difficult for hackers even talented ones 2 Use complex passwords Users, of course, are strongly advised not to use common passwords, like those including dates of birth or easily guessed words such as password Random strings of words, broken up by equally random numbers and special characters, are advisable more security-minded users and those who work in fields with sensitive information may even want to consider a password manager such as KeePass 3 Practice smart management Passwords should never be stored in plain text on the admin's side At the very least, use strong encryption and obfuscation methods to ensure intruders don't have easy access to users' log-in credentials Even though they shouldn't, users often employ weak passwords and even keep the same passwords across multiple crucial sites, making the overall headache level even larger in the event of a leak The best password management, however, involves not keeping passwords server-side at all Password hashing and salting, a method in which hashes are generated and verified in such a way that password info is never kept on the provider's end, ensures attackers never have access to those sweet, sweet tables That's something your users and security staff will greatly appreciate Hashing and salting should be implemented using code developed by experienced security experts Doing it internally is a hairy proposition, and leaving the development to a certified expert is just another facet of practicing smart password security Secure Everywhere Smart password use and 
administration is only one part of an overall security-focused mindset, but it's a huge one. Whether you're a user, a developer or both, treating password security as the hugely important issue that it is helps keep your system safe. If you're looking for more info, this Ars Technica article is an excellent place to start. Or, reach out to a trusted third-party security expert. After all, it's what they do. Photo Source Flickr http://www.secuobs.com/revue/news/560801.shtml

My Security Thoughts The Smart Grid The Danger to You by mhbjr 2015-02-23 19:00:31 - Security Bloggers Network : The utility industry needs to gather and act on information about me. The hairs on the back of my neck are starting to rise but let's keep riding this train. The post My Security Thoughts The Smart Grid The Danger to You by mhbjr appeared first on SecurityOrb.com http://www.secuobs.com/revue/news/560798.shtml

My Security Thoughts Autonomous Vehicles by mhbjr 2015-02-23 19:00:31 - Security Bloggers Network : I will still look at the security implications of technology or service but am going to examine the other effects, both positive and negative, that these things will have on society as a whole. The post My Security Thoughts Autonomous Vehicles by mhbjr appeared first on SecurityOrb.com http://www.secuobs.com/revue/news/560796.shtml

What Can War Teach Us About Mainframe Security? 2015-02-23 19:00:31 - Security Bloggers Network : The mainframe environment, or Big Iron, continues to grow at a rate of about 5% per year according to recent predictions. While experts have historically considered the Mainframe to be the safest environment from a Cybersecurity perspective, one has to http://www.secuobs.com/revue/news/560794.shtml

Research 84 percent more concerned about security and privacy in 2015 2015-02-23 17:25:27 -
LinuxSecurity.com Latest News : LinuxSecurity.com: Security and privacy are top concerns for many IT professionals, and it's especially relevant now, after 2014's highly publicized data breaches. Because of the constant concerns about security and privacy, Tech Pro Research, ZDNet's premium content sister site, conducted a new survey on the topic and compared the results back to a previous survey from 2013. http://www.secuobs.com/revue/news/560777.shtml

Spin and FUD Superfish CEO says software presents no security risk 2015-02-23 16:47:49 - LinuxSecurity.com Latest News : LinuxSecurity.com: In a statement to Ars Technica, Adi Pinhas, CEO of Superfish Inc said his company's pre-installed advertising software on Lenovo PCs poses no security risk - despite clear evidence otherwise. http://www.secuobs.com/revue/news/560772.shtml

Another Garage Door Opener, This Time With Security 2015-02-23 16:29:06 - Hackaday : We've been seeing a lot of garage door opener hacks, whether it's because one person inspired everyone else to build their own Internet-connected GDO or because there's something in the water that's caused the simultaneous building of one specific type of project, we're not sure. However, the latest one we've seen adds a little something extra: motion-based security. DeckerEgo really went all out with this one, too. The core of the project is a Raspberry Pi hardwired to a universal garage door remote. The Pi also handles a small webcam and runs a program called motion, which is a Linux read more http://www.secuobs.com/revue/news/560771.shtml

Buggy Norton Internet Security update crashes Internet Explorer 2015-02-23 15:52:12 - Security Bloggers Network : Make sure you have a back-up browser on your PC, just in case you need to check a Symantec support advisory next time a Norton security update busts Internet Explorer
http://www.secuobs.com/revue/news/560765.shtml

Did you know that there are only four types of cyber security incidents? 2015-02-23 15:13:46 - Security Bloggers Network : My career has been devoted to both the art and the science behind information security. When I speak of the science, I am referring to the technology and the process we immerse ourselves into as we set about securing our organizations we are charged wi http://www.secuobs.com/revue/news/560762.shtml

Lenovo's Superfish spectacle Catastrophic security failures discovered 2015-02-23 15:13:46 - Security Bloggers Network : Superfish isn't just adware -- it can also be a nightmare for those who value their privacy. http://www.secuobs.com/revue/news/560759.shtml

Data Traffic Network Security 2015-02-23 15:13:46 - Security Bloggers Network : Introduction Last year dubbed the Year of the Hack saw numerous major cyber attacks against prominent corporations, including JP Morgan bank and Sony Pictures Entertainment And Go on to the site to read the full article http://www.secuobs.com/revue/news/560757.shtml

Governors Briefing on Cybersecurity People are everything 2015-02-23 13:50:54 - Security Bloggers Network : http://www.secuobs.com/revue/news/560745.shtml

96% say ISO 27001 is important for improving security defenses 2015-02-23 12:36:01 - Help Net Security : Already established as international best practice, the information security management standard ISO 27001 has become an effective weapon in the fight against cyber crime. It is therefore unsurprising http://www.secuobs.com/revue/news/560733.shtml

Concerns around endpoint security 2015-02-23 09:35:41 - Help Net Security : The overwhelming majority of information security professionals
believe end users are their biggest security headache, largely due to their tendency to click on suspicious and malicious e-mails and UR http://www.secuobs.com/revue/news/560715.shtmlhttp://www.secuobs.com/revue/news/560715.shtmlSecurity software found using Superfish-style code, as attacks get simpler2015-02-23 08:29:16 - Ars Technica Risk Assessment : Titles from security firms Lavasoft and Comodo leave users open to easier attacks http://www.secuobs.com/revue/news/560713.shtmlhttp://www.secuobs.com/revue/news/560713.shtmlOffensive Security Lectures - 14 Exploit Development 1022015-02-23 08:28:02 - SecurityTube.Net : PDF - http wwwcsfsuedu redwood OffensiveComputerSecurity networking-for-offensive-security-TCP-2014ppt Reading Read 0x450 up to 0x500 in HAOE 27 pages Read 0x540 up through 0x550 in HAOE 11 pages Read Chapter 1 in WAHH 15 pages For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560711.shtmlhttp://www.secuobs.com/revue/news/560711.shtmlOffensive Security Lectures - 15 Wireshark and Web Application Hacking Security 1012015-02-23 08:28:02 - SecurityTube.Net : Its a bit shorter than other videos as the class time is split between this lecture and a wireshark tcpflow demo This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics, as well as a very basic demo using BurpSuite as a HTTP Proxy PDF - https docsgooglecom presentation d 1jnpIqhalXFKFP3jSOzNaUNt4iaVLSf7GWDy1qgJLhOo edit usp sharing Required Reading Chapters 2-3 in WAHH OWASP Top 10 http wwwgooglecom url sa t rct j q owasppourcents20toppourcents2010pourcents202013pourcents20pdf source web cd 2 ved 0CDkQFjAB url httppourcents3Apourcents2Fpourcents2Fowasptop10googlecodecompourcents2Ffilespourcents2FOWASPpourcents2520Toppourcents252010pourcents2520-pourcents25202013pourcents2520-pourcents2520RC1pdf ei ZFsXU6iWOsq1kAfaw4D4BA usg AFQjCNGu9nysl5fTt8L02jm47Ep9hyeaEA 
sig2 3DpY5Ey9YFziJMxWI87yJA Related Reading http meveekuncom blog 2012 04 09 php-a-fractal-of-bad-design http://www.secuobs.com/revue/news/560710.shtmlhttp://www.secuobs.com/revue/news/560710.shtmlOffensive Security Lectures - 16 Web Application Hacking Security 1022015-02-23 08:28:02 - SecurityTube.Net : Coverage of SQLi, XSS, Metacharacter Injection, OWASP top 10, and demos PDF - https docsgooglecom presentation d 1kZ7QK-RQpyoGQXc1xnE082RhtPd3h2irOiSpOxOq_nM edit usp sharing Required Reading Reading Chapters 9 of WAHH Related Reading http wwwyoutubecom watch v rdyQoUNeXSg feature relmfu http://www.secuobs.com/revue/news/560709.shtmlhttp://www.secuobs.com/revue/news/560709.shtmlOffensive Security Lectures - 17 Web Application Hacking Security 1032015-02-23 08:28:02 - SecurityTube.Net : PDF - https docsgooglecom presentation d 1DK4L1D2n7ZR47srO1RMAutgjmIr0G0pEhZ0RU6z-yys edit usp sharing Required Reading https wwwyoutubecom watch v Z7Wl2FW2TcA http filescloudprivacynet ssl-mitmpdf Read Chapter 10 in WAHH http://www.secuobs.com/revue/news/560708.shtmlhttp://www.secuobs.com/revue/news/560708.shtmlOffensive Security Lectures - 18 Web Application Hacking Security 104 and Exploitation 1042015-02-23 08:28:02 - SecurityTube.Net : This class was two lectures in one In the web application 104 lecture we cover topics like WAF, and IDS and how to evade them - which leads into the exploit development 104 lecture In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode encoders, and the methodology for defeating IDS WAF PDF - https docsgooglecom presentation d 1pdDJ7dDBl6DxMVr0rsGzeLVOOFnH_DkhQJqRJE0r5y8 edit usp sharing Required Reading Reading Chapters 12 of WAHH Chapter 0x550 in HAOE Related Video http wwwyoutubecom watch v tJsNu0VRKYY feature related For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560707.shtmlhttp://www.secuobs.com/revue/news/560707.shtmlOffensive 
Security Lectures - 19 Midterm review 2 and Exploitation 1052015-02-23 08:28:02 - SecurityTube.Net : This lecture covers ret2libc, return chaining, ROP, how calling conventions affect ROP, how ROP is used to defeat DEP, how ASLR affects ROP, how to defeat ASLR to enable ROP, stack pivoting, and etc This lecture is just the concepts, next time is the demos PDF - https docsgooglecom presentation d 1vv0ta6ouq572HSJzYNRW1HzQRiSVKV92za-JO6lFCnc edit usp sharing Reading http gdtrwordpresscom 2013 12 13 ropc-turing-complete-rop-compiler-part-1 For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560706.shtmlhttp://www.secuobs.com/revue/news/560706.shtmlOffensive Security Lectures - ROP Lecture2015-02-23 08:28:02 - SecurityTube.Net : Offensive Security Lectures - ROP Lecture For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560705.shtmlhttp://www.secuobs.com/revue/news/560705.shtmlOffensive Security Lectures - 21 Guest Lecturer Devin Cook on ROP and a brief history of exploitation2015-02-23 08:28:02 - SecurityTube.Net : Devin Cook presented a recap of all the exploitation techniques covered thusfar and lectured on ROP and presented demos on ROP exploitation Lastly defenses against ROP were discussed PDF - https docsgooglecom presentation d 1JQpdhPSqoYfOSn56-yGwzsQr0o5K26jbzMHKH2jpZ9A edit usp sharing Required Reading http gdtrwordpresscom 2014 01 01 ropc-turing-complete-rop-compiler-part-2-language http://www.secuobs.com/revue/news/560704.shtmlhttp://www.secuobs.com/revue/news/560704.shtmlOffensive Security Lectures - 22 Metasploit2015-02-23 08:28:02 - SecurityTube.Net : This lecture covers the Metasploit framework Resources PDF - https docsgooglecom presentation d 10p1Sseq6Nj-ojF-Zp9CXzFvOKMk7hBY-p0ohPj_PF7A edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity 
http://www.secuobs.com/revue/news/560703.shtmlhttp://www.secuobs.com/revue/news/560703.shtmlOffensive Security Lectures - 23 Meterpreter and Post Exploitation2015-02-23 08:28:02 - SecurityTube.Net : Post exploitation, Windows authentication tokens, and pivoting techniques are covered Demos of SET, Meterpreter, and etc are shared Resources PDF - https docsgooglecom presentation d 1gu2f1dE53gHeslqfiPGNlo08NOdkDRbzwjXwDfetfvo edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560702.shtmlhttp://www.secuobs.com/revue/news/560702.shtmlSecurity Slice Exchanging Threat Exchanges2015-02-23 05:46:19 - Security Bloggers Network : Facebook is the latest company to announce an cybersecurity threat sharing program The new platform, called ThreatExchange, aims to help organizations discuss new security threats like malware and phishing attacks Facebook is not alone MANDIANT, AlienVault, Crowdstrike and multiple industry programs already exist Do we need more cyber threat exchange platforms Listen to our Read More The post Security Slice Exchanging Threat Exchanges appeared first on The State of Security IMAGE http://www.secuobs.com/revue/news/560696.shtmlhttp://www.secuobs.com/revue/news/560696.shtmlThe Top Ten tips on Avoiding Security for Managers2015-02-22 21:39:06 - The Kai Roer Blog : There are many ways to increase security in your company, if that is your thing Most managers will, however, find these ten tips on how to avoid security, much more useful First published on this Continue reading The post The Top Ten tips on Avoiding Security for Managers appeared first on The Kai Roer Blog http://www.secuobs.com/revue/news/560685.shtmlhttp://www.secuobs.com/revue/news/560685.shtmlAl-Shabaab Video Threat Means Heightened Security at Mall of America2015-02-22 18:13:41 - Slashdot Your Rights Online : Reuters and other news outlets carry the news that the Minnesota's gigantic Mall of America is 
under heightened security after a video threat posted online by terrorist group Al-Shabaab Also at CNN and CBS News According to Reuters' version of the story The US homeland security chief said on Sunday he takes seriously a threat made by Somali-based Islamist militants against shopping malls, including the Mall of America in Minnesota, and urged people going there to be careful Homeland Security Secretary Jeh Johnson was reacting to a video released by al Shabaab appearing to call for attacks on Western shopping areas, specifically mentioning Mall of America, the West Edmonton Mall in Canada and London's Oxford Street Mall officials issued a statement about the threat made by the group, saying they are monitoring events with the help of federal, state and local law enforcement agencies Mall of America has implemented extra security precautions, some may be noticeable to guests, and others won t be, the officials said Read more of this story at Slashdot http://www.secuobs.com/revue/news/560678.shtmlhttp://www.secuobs.com/revue/news/560678.shtmlSuperfish points fingers over ad software security flaws2015-02-22 17:17:37 - Computer Security News : Security researchers revealed Thursday, Feb 19, 2015, that some computers sold by China's Lenovo, the world' Spacewalking astronauts routed more than 300 feet of cable outside the International Space Station on Saturday, tricky and tiring advance work for the arrival of new American-made crew capsules Somebody shot and wounded a Minneapolis police officer early Saturday in what appears to have been a targeted attack, department officials said http://www.secuobs.com/revue/news/560674.shtmlhttp://www.secuobs.com/revue/news/560674.shtmlAlex Stamos AppSec is Eating Security2015-02-21 19:19:48 - Security Bloggers Network : Permalink http://www.secuobs.com/revue/news/560633.shtmlhttp://www.secuobs.com/revue/news/560633.shtmlWhat s SUPER and helps you to PHISH, 
sorry, FISH 60 Sec Security VIDEO 2015-02-21 17:40:37 - Security Bloggers Network : Here's our weekly news roundup - from Superfish to Super Spectacles It's amusing, informative, and only takes a minute - enjoy http://www.secuobs.com/revue/news/560628.shtmlhttp://www.secuobs.com/revue/news/560628.shtmlSuperfish security flaw also exists in other apps, non-Lenovo systems2015-02-21 16:21:30 - Computer Security News : On Thursday security researchers warned that an adware program called Superfish, which was preloaded on some Lenovo consumer laptops , opened computers to attack However, it seems that the same poorly designed and flawed traffic interception mechanism used by Superfish is also used in other software programs http://www.secuobs.com/revue/news/560623.shtmlhttp://www.secuobs.com/revue/news/560623.shtmlHomeland Security Urges Lenovo Customers To Remove Superfish2015-02-21 16:08:33 - Slashdot Your Rights Online : HughPickenscom 3830033 writes Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove Superfish software from their computers According to an alert released through its National Cyber Awareness System the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites and perform other attacks on Lenovo PCs with the software installed Lenovo inititally said it stopped shipping the software because of complaints about features, not a security vulnerability We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns, the company said in a statement to Reuters early on Thursday On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling Superfish We should have known about this sooner, Tingler said in an email And if we could go back, we never would have 
installed this software on our machines But we can't, so we are dealing with this head on Read more of this story at Slashdot http://www.secuobs.com/revue/news/560621.shtmlhttp://www.secuobs.com/revue/news/560621.shtmlCompTIA Security SY0-401 vs SY0-301 Changes by InfosecEdu2015-02-21 08:13:52 - Security Bloggers Network : A new version of the popular CompTIA Security certification is out, and the content it covers has expanded significantly over the past three years The post CompTIA Security SY0-401 vs SY0-301 Changes by InfosecEdu appeared first on SecurityOrbcom http://www.secuobs.com/revue/news/560601.shtmlhttp://www.secuobs.com/revue/news/560601.shtmlLenovo shipped laptops with security flaw, experts say2015-02-21 08:02:55 - Computer Security News : If you've recently purchased a laptop computer made by Lenovo, you may want to hear this Experts say the world's biggest computer maker shipped laptops with pre-installed software that could let hackers steal passwords or other sensitive information when you use the web to shop, pay bills or check email Lenovo said Thursday that it has disabled the offending software, known as Superfish, and will provide customers with a tool that permanently removes the program from their computers http://www.secuobs.com/revue/news/560600.shtmlhttp://www.secuobs.com/revue/news/560600.shtmlThe Security Big Data Lake Paper Published2015-02-21 05:41:11 - Security Intelligence and Big Data raffy.ch blog : As announced in the previous blog post, I have been writing a paper about the security big data lake A topic that starts coming up with more and more organizations lately Unfortunately, there is a lot uncertainty around the term so I decided to put some structure to the discussion Download the paper here A http://www.secuobs.com/revue/news/560581.shtmlhttp://www.secuobs.com/revue/news/560581.shtmlThe process of building security culture2015-02-20 23:55:35 - The Kai Roer 
Blog : The Security Culture Framework SCF , the open and free methodology, is a process of building security culture It was created to help you organize your work with building and maintaining security culture Using the principles found in process management, the SCF will enable you to document your progress, and create Continue reading The post The process of building security culture appeared first on The Kai Roer Blog http://www.secuobs.com/revue/news/560566.shtmlhttp://www.secuobs.com/revue/news/560566.shtmlSuperfish doubles down, says HTTPS-busting adware poses no security risk2015-02-20 22:42:38 - Ars Technica Risk Assessment : Denial comes despite near-unanimous agreement that it left Lenovo users wide open http://www.secuobs.com/revue/news/560564.shtmlhttp://www.secuobs.com/revue/news/560564.shtmlEnterprise security What s new for the week of February 16, 20152015-02-20 20:55:26 - Security Bloggers Network : entsec news_smalljpgHere s what new in Threat Intelligence Zero-Day Coverage for HP TippingPoint for the week February 16, 2015 IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/560473.shtmlhttp://www.secuobs.com/revue/news/560473.shtmlLe rapport Piratage de l'OS humain d'Intel Security révèle les techniques de persuasion utilisées par les cybercriminels 2015-02-20 16:27:42 - Global Security Mag Online : Intel Security alerte sur le fait que les méthodes de substitution des données sensibles utilisées par les cybercriminels sont de plus en plus proches de celles utilisées dans le monde réel et notamment des techniques de vente et d'escroquerie Prenez garde à votre sécurité en ligne Deux tiers des emails dans le monde sont des spams qui visent à extorquer des informations personnelles et confidentielles ainsi que de l'argent En 2014, McAfee Labs a enregistré plus de 30 millions de liens suspects, - Points de Vue http://www.secuobs.com/revue/news/560432.shtmlhttp://www.secuobs.com/revue/news/560432.shtmlLatest Security Research Reports 
February 20, 20152015-02-20 15:32:03 - Security Bloggers Network : The following are the most recent research reports by 451 analysts covering information security A 451 subscription is required to read a full report, if you do not have a subscription you can apply for a trial https 451researchcom apply-for-trial To train or not to train that is the question Because users are out on the http://www.secuobs.com/revue/news/560422.shtmlhttp://www.secuobs.com/revue/news/560422.shtmlI m sorry, I don t speak security Klingon2015-02-20 15:32:03 - Security Bloggers Network : I m just a soul whose intentions are good Oh Lord, please don t let me be misunderstood From Don t Let Me Be Misunderstood by The Animals Recently, I was speaking with a customer who told us their company s top priority for the year was increasing their information security capabilities Their biggest competitive advantage like many other The post I m sorry, I don t speak security Klingon appeared first on Speaking of Security - The RSA Blog and Podcast http://www.secuobs.com/revue/news/560420.shtmlhttp://www.secuobs.com/revue/news/560420.shtmlSecurity groups should sit under Marketing, not IT2015-02-20 15:28:10 - RLR UK : Ok, so I'm being a little facetious, but I do think that putting Security departments under IT is a bad idea, not because they don't naturally fit well there, but because usually it gives the wrong impression and not enough visibility Security is far more wide reaching than IT alone and touches every part of the business By considering it as part of IT, and utilising IT budgets, it can be pigeonholed and ignored by anyone who wouldn't engage IT for their project or job Security covers all information, from digital to paper-based and is concerned with aspects such as user education as much as technology There is a clear conflict of interest between IT and Security as well Part of the Security team's function is to monitor, audit and assess the systems put in place and maintained by the 
IT department If the Security team sits within this department then there can be a question over the segregation of duties and responsibility In addition to this, Security departments can end up competing with other parts of IT for budget How well does this work when project budgets are allocated to one department responsible for producing new features and fixing the vulnerabilities in old ones The Security department should answer directly to the board and communicate risk, not technology It is important that they are involved with all aspects of the business from Marketing, through Procurement and Legal, to the IT department You will, more often than not, get a much better idea of what the business does and what's important to it by sitting with the Marketing team than with the IT team Hence the title of this post http://www.secuobs.com/revue/news/560417.shtmlhttp://www.secuobs.com/revue/news/560417.shtmlThe Personal Data Notification Protection Act Seeks Uniformity in Responses to Data Security Breaches2015-02-20 14:55:39 - Office of Inadequate Security : Vito Petretti and Eric J Pennesi of MorganLewis write The Personal Data Notification Protection Act, the Act one http://www.secuobs.com/revue/news/560403.shtmlhttp://www.secuobs.com/revue/news/560403.shtml Googles new Cloud Security Scanner detects common security bugs2015-02-20 13:49:35 - Help Net Security : Here's some good news for Google App Engine developers Google has released a new application security scanner that's especially fitting to test new app builds for cross-site scripting XSS and mixed http://www.secuobs.com/revue/news/560391.shtmlhttp://www.secuobs.com/revue/news/560391.shtml Don t wait until you re attacked to take cybersecurity seriously2015-02-20 09:27:20 - Help Net Security : CISOs foresee cyber terrorism and cybercrime posing significant risks to their organizations over the next three years, according to Raytheon and the Ponemon Institute The survey of 1,006 cyber 
http://www.secuobs.com/revue/news/560367.shtmlhttp://www.secuobs.com/revue/news/560367.shtmlHow Will Facebook s ThreatExchange Impact the Security Industry 2015-02-20 07:23:44 - Security Bloggers Network : Facebook is all about sharing Users can share thoughts, photos and videos but now, Facebook is trying their hand at a new type of sharing security threats Last week, Facebook announced a new platform, called ThreatExchange, for organizations and security professionals to easily exchange cybersecurity threat information The platform is currently in beta with Bitly, Read More The post How Will Facebook s ThreatExchange Impact the Security Industry appeared first on The State of Security IMAGE http://www.secuobs.com/revue/news/560334.shtmlhttp://www.secuobs.com/revue/news/560334.shtmlOffensive Security Lectures - 1 Intro, Ethics, and Overview 2015-02-20 07:21:29 - SecurityTube.Net : This lecture covers the course Intro, syllabus review, distinction between hacking vs penetration testing, ethics discussion, course motivation, threat models and some of the basics PDF - https docsgooglecom presentation d 17MQ1mTTe93gQ0I6JvFm3ZuYMlqmlvareqsyw1iom9AY edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560333.shtmlhttp://www.secuobs.com/revue/news/560333.shtmlOffensive Security Lectures - 2 Secure C Coding 1012015-02-20 07:21:29 - SecurityTube.Net : What you absolutely need to know about secure coding in C C is everywhere PDF - https docsgooglecom presentation d 1nIKo4LLuuUsU-BN23m2zFQgdi7RCmK-SwFbLkssIuwc edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560332.shtmlhttp://www.secuobs.com/revue/news/560332.shtmlOffensive Security Lectures - 3 Secure C Coding 1022015-02-20 07:21:29 - SecurityTube.Net : What you absolutely need to know about secure coding in C C is everywhere PDF - https docsgooglecom 
presentation d 1EhwXYr2Ffe3VQlkH-PcJ3FXN4xCVvYohC5h6NL0sKw0 edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560331.shtmlhttp://www.secuobs.com/revue/news/560331.shtmlOffensive Security Lectures - 4 Code Auditing2015-02-20 07:21:29 - SecurityTube.Net : Auditing C Code, basic tips strategies and exercises PDF - https docsgooglecom presentation d 1mi8cCN6EU7P-eZrA9ngGT1Bxu9I74-A9nHt4OE2oupQ edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560330.shtmlhttp://www.secuobs.com/revue/news/560330.shtmlOffensive Security Lectures - 5 The Permissions Spectrum2015-02-20 07:21:29 - SecurityTube.Net : Intro to Vulnerability Research topics and the Permissions spectrum PDF - https docsgooglecom presentation d 1PD470vmD95Ye5uDK6yhUXLiiHFwre5I36SjY4d5QJrA edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560329.shtmlhttp://www.secuobs.com/revue/news/560329.shtmlOffensive Security Lectures - 6 Reverse Engineering Workshop 12015-02-20 07:21:29 - SecurityTube.Net : Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer Meet in the lecture room prepared See email PDF - http wwwcsfsuedu redwood OffensiveComputerSecurity reversing FSU_Reversingpdf Class RE Exercises Archive - http wwwcsfsuedu redwood OffensiveComputerSecurity reversing FSU_Reversing_binarieszip For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560328.shtmlhttp://www.secuobs.com/revue/news/560328.shtmlOffensive Security Lectures - 7 Reverse Enginerring Workshop 22015-02-20 07:21:29 - SecurityTube.Net : Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA 
and CFF Explorer Meet in the lecture room prepared See email For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560327.shtmlhttp://www.secuobs.com/revue/news/560327.shtmlOffensive Security Lectures - 8 Fuzzing Lecture 12015-02-20 07:21:29 - SecurityTube.Net : Coverage of Fuzzing techniques for SDL, VR, and other applications PDF - https docsgooglecom presentation d 1EXEVsQaRMVNDnmseo-065IDgebivAby95lYPQbQoyYo edit usp sharing http://www.secuobs.com/revue/news/560326.shtmlhttp://www.secuobs.com/revue/news/560326.shtmlOffensive Security Lectures - 10 Fuzzing Lecture 2 and Exploitation Lecture 1012015-02-20 07:21:29 - SecurityTube.Net : There are two videos for this lecture The first half is a wrap up of fuzzing topics The second half the beginning of the exploit development lectures PDF - Fuzzing Slides - https docsgooglecom presentation d 1jUrXSVz0RMP_L-avuMdw2Vf6PaCDnURvTMITXXQyYL8 edit usp sharing Exploitation Slides - https docsgooglecom presentation d 1AEvEm6DA6tI_uKwMxXfJL6xcdEED2dulqrDoyh_Ulsg edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560325.shtmlhttp://www.secuobs.com/revue/news/560325.shtmlOffensive Security Lectures - 10 Part 2 Fuzzing Lecture 2 and Exploitation Lecture 1012015-02-20 07:21:29 - SecurityTube.Net : Part 2 There are two videos for this lecture The first half is a wrap up of fuzzing topics The second half the beginning of the exploit development lectures PDF - Fuzzing Slides - https docsgooglecom presentation d 1jUrXSVz0RMP_L-avuMdw2Vf6PaCDnURvTMITXXQyYL8 edit usp sharing Exploitation Slides - https docsgooglecom presentation d 1AEvEm6DA6tI_uKwMxXfJL6xcdEED2dulqrDoyh_Ulsg edit usp sharing For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560324.shtmlhttp://www.secuobs.com/revue/news/560324.shtmlOffensive 
Security Lectures - 11 Exploit Development 1022015-02-20 07:21:29 - SecurityTube.Net : Second lecture in the exploit development lecture series Covering the very very basics of exploitation Concept of ret2libc is covered, examples with basic exit shellcode, and some position-independent basic shellcode PDF - https docsgooglecom presentation d 1jG-doOVFTg2ayamQ7E5tlfSw3HLb6VOARUu48TTMpHo edit usp sharing Reading Read 0x500 up to 0x540 in HAOE Writing shellcode Read 0x6A0 up to 0x700 in HAOE For More Information Please Visit - http wwwcsfsuedu redwood OffensiveComputerSecurity http://www.secuobs.com/revue/news/560323.shtmlhttp://www.secuobs.com/revue/news/560323.shtmlOffensive Security Lectures - 12 Exploit Development 1032015-02-20 07:21:29 - SecurityTube.Net : Third lecture in the exploit development lecture series Coverage of heap and format string exploition with demos , as well as exploit mitigations ASLR, NX DEP, stack cookies, EMET, etc PDF - https docsgooglecom presentation d 1jG-doOVFTg2ayamQ7E5tlfSw3HLb6VOARUu48TTMpHo edit usp sharing Reading Read 0x680 up to 0x6A0 in HAOE http://www.secuobs.com/revue/news/560322.shtmlhttp://www.secuobs.com/revue/news/560322.shtmlOffensive Security Lectures - 13 Networking Lecture 1012015-02-20 07:21:29 - SecurityTube.Net : This lecture covers an overview of networking concepts and network security concepts Topics covered Wireshark, Nmap, nc, Hubs vs switches vs routers, manufacturer default logins backdoors ARP dns dnssec , proxies, weak IP vs strong IP model RFC 1122 PDF - http wwwcsfsuedu redwood OffensiveComputerSecurity networking-for-offensive-security-IPppt Required reading Read 0x400 up to 0x450 in HAOE Related reading not required Defcon 18 - How to hack millions of routers- Craig Heffner http wwwyoutubecom watch v Zazk0plSoQg feature relmfu http://www.secuobs.com/revue/news/560321.shtmlhttp://www.secuobs.com/revue/news/560321.shtmlSecure Domains The DNS Security Debate2015-02-19 19:43:11 - Security Bloggers 
Network : The post Secure Domains The DNS Security Debate appeared first on Marble Security http://www.secuobs.com/revue/news/560280.shtmlhttp://www.secuobs.com/revue/news/560280.shtml3 Things I Learned While Responding to Security Incidents2015-02-19 19:33:03 - MSI State of Security : Unfortunately, if you work in IT long enough, you re likely to encounter a security incident Having experienced these incidents as a Systems Administrator and as a consultant, I felt that it would benefit others if I shared 3 things that Continue reading The post 3 Things I Learned While Responding to Security Incidents appeared first on MSI State of Security http://www.secuobs.com/revue/news/560277.shtmlhttp://www.secuobs.com/revue/news/560277.shtmlDirectDefense Use Netsparker for Automatic Web Application Security Scans Because it is Accurate and Fast2015-02-19 19:31:31 - Netsparker Web Application Security Scanner : Netsparker continually executes scans in a more optimized way and delivers actionable results every time The false-positive free scanning, means that Netsparker has already attempted to validate the finding for itself before it provides the results, thus eliminating the need for our consultants to spend time chasing down false positives Jim Broome, President, DirectDefense DirectDefence LogoFounded in 2011, DirectDefense offers security services that are unmatched within the industry Their core strength is the deep experience in performing security assessments for a wide array of networks, platforms, applications and web applications DirectDefense s seasoned consultants are focused on providing world-class security services to their clients Regardless of industry aerospace, financial, insurance, retail, hospitality, healthcare, education, gaming, technology or energy and utilities, the wealth of knowledge and experience DirectDefense has assists their customers in achieving their security testing and strategy goals Fast and Accurate Automated Web Application Security 
Scans ---------------------------------------------------------- As part of their service offerings, DirectDefense provide web applications penetration tests At a minimum they analyse around 300 web application a month, hence speed and accuracy are major key factors when it comes to web application security If the tools they use are slow they cannot keep up with the demand and If they report false positives, consultants will waste precious time verifying the scanner findings The Right Automated Web Application Security Scanner ---------------------------------------------------- DirectDefense have been using automated web application security scanners since the early days They have used all of them but since 2011 they started using Netsparker as their main scanner, and prefer to use it unless they are required to use another solution based on their customer s requirements When asked why they use Netsparker Web Application Security Scanner In a simple word, SPEED Netsparker continually executes scans in a more optimized way and delivers actionable results every time The false-positive free scanning, means that Netsparker has already attempted to validate the findings for itself before it provides the results, thus eliminating the need for our consultants to spend chasing down false positive findings, said the president of DirectDefense Jim Broome This lets our consultants focus on refining their testing and validation of existing vulnerabilities and provide quicker results to our customers Benefits of Netsparker Web Application Security Scanner ------------------------------------------------------- Speed, automation and accuracy are some of the reasons why a security firm such as DirectDefense uses an automated web vulnerability scanner, and as per Mr Broome s words Netsparker has it all Speed It is easy to configure and is one of the faster scanners with regards to scan completion Automation Netsparker is easy to automate and can successfully complete batch scans 
of 100 s of websites and web applications Accuracy Netsparker produces accurate results time and time again, and when its not 100pourcents sure on a finding, it tells you so This allows a tester or a consultant to focus on which areas to validate and which areas already have proof of a vulnerability The Need to Detect all Technical Vulnerabilities on All Type of Frameworks --------------------------------------------------------------- Accuracy and adaptability are as important as speed and automation when your clientele consists of major banks and financial institutions Having such a varied clientele, DirectDefense has seen it all As Mr Broome says You name it, we have scanned it It could be a NET, PHP, Spring, Struts or Java web application running on Apache, NGinx or IIS DirectDefense has seen it and scanned it with Netsparker Netsparker consistently finds and validates SQL injection vulnerabilities faster than any scanner we have ever used Be it a banking application or a cloud based CRM application, we recommend continual testing, and Netsparker is such a tool to assist with meeting these requirements, stated DirectDefense s president World Class Support is Another Important Requirement ---------------------------------------------------- It is a must to use the right security tools when scanning web applications if you do not want to miss a vulnerability A malicious attacker only needs to exploit a single vulnerability to gain unauthorized access to the web application and the sensitive data it stores Web application security is a critical business and one should not forge ahead alone Hence world class support is also another vital requirement security experts such as DirectDefense have when choosing their tools The Netsparker support department is known for its world class support, and Mr Broome confirms this Yes, if you have a complex issue or even one that is simple to resolve, the Netsparker support staff is there Don t be surprise if you get emailed from 
Ferruh the CEO with recommendations and suggestions He couldn t have said it better We thrive to deliver world class support, and if need be even our CEO, who is a seasoned penetration tester himself gets involved in support tickets About DirectDefense ------------------- Founded in 2011, DirectDefense offers security services that are unmatched within the industry Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications Our seasoned consultants are focused on providing world-class security services to our clients Regardless of industry financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals About Netsparker ---------------- Netsparker Ltd is a young and enthusiastic UK based company focused on developing automated web security products, mainly the false positive web application security scanners Netsparker Desktop and Netsparker Cloud Netsparker management and engineers have more than two decades of experience in the web application security industry that is reflected in their products Founded in 2009, Netsparker's automated web vulnerability scanners are the leading security tools and are used by world renowned companies such as Samsung, NASA, Microsoft, ING bank and Ernst Young Netsparker Ltd is a young and enthusiastic UK based company focused on developing automated web security products, mainly the false positive free Netsparker Web Application Security Scanner and Netsparker Cloud Netsparker management and engineers have more than two decades of experience in the web application security industry that is reflected in their products, Netsparker Web Application Security Scanner and Netsparker Cloud Founded in 2009, Netsparker s automated web vulnerability scanners are the leading security tools and are used by world renowned 
companies such as Samsung, NASA, Microsoft, ING bank and Ernst Young
Application Security Scanner and Netsparker Cloud Netsparker management and engineers have more than two decades of experience in the web application security industry that is reflected in their products, Netsparker Web Application Security Scanner and Netsparker Cloud Founded in 2009, Netsparker s automated web vulnerability scanners are the leading security tools and are used by world renowned companies such as Samsung, NASA, Microsoft, ING bank and Ernst Young IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/560276.shtmlhttp://www.secuobs.com/revue/news/560276.shtmlDirectDefence Use Netsparker for Automatic Web Application Security Scans Because it is Accurate and Fast2015-02-19 18:57:03 - Netsparker Web Application Security Scanner : Netsparker continually executes scans in a more optimized way and delivers actionable results every time The false-positive free scanning, means that Netsparker has already attempted to validate the finding for itself before it provides the results, thus eliminating the need for our consultants to spend time chasing down false positives Jim Broome, President, DirectDefence DirectDefence LogoFounded in 2011, DirectDefense offers security services that are unmatched within the industry Their core strength is the deep experience in performing security assessments for a wide array of networks, platforms, applications and web applications DirectDefence s seasoned consultants are focused on providing world-class security services to their clients Regardless of industry aerospace, financial, insurance, retail, hospitality, healthcare, education, gaming, technology or energy and utilities, the wealth of knowledge and experience DirectDefence has assists their customers in achieving their security testing and strategy goals Fast and Accurate Automated Web Application Security Scans ---------------------------------------------------------- As part of their service offerings, DirectDefence provide web applications penetration tests At a 
minimum they analyse around 300 web applications a month, hence speed and accuracy are major key factors when it comes to web application security. If the tools they use are slow they cannot keep up with the demand, and if they report false positives, consultants will waste precious time verifying the scanner findings.

The Right Automated Web Application Security Scanner
----------------------------------------------------
DirectDefence have been using automated web application security scanners since the early days. They have used all of them, but since 2011 they started using Netsparker as their main scanner, and prefer to use it unless they are required to use another solution based on their customer's requirements. When asked why they use Netsparker Web Application Security Scanner: "In a simple word, SPEED. Netsparker continually executes scans in a more optimized way and delivers actionable results every time. The false-positive free scanning means that Netsparker has already attempted to validate the findings for itself before it provides the results, thus eliminating the need for our consultants to spend time chasing down false positive findings," said the president of DirectDefence, Jim Broome. "This lets our consultants focus on refining their testing and validation of existing vulnerabilities and provide quicker results to our customers."

Benefits of Netsparker Web Application Security Scanner
-------------------------------------------------------
Speed, automation and accuracy are some of the reasons why a security firm such as DirectDefence uses an automated web vulnerability scanner, and as per Mr Broome's words Netsparker has it all:

- Speed: It is easy to configure and is one of the faster scanners with regards to scan completion.
- Automation: Netsparker is easy to automate and can successfully complete batch scans of 100s of websites and web applications.
- Accuracy: Netsparker produces accurate results time and time again, and when it's not 100% sure on a finding, it tells you so. This allows a tester or a consultant to focus on which areas to validate and which areas already have proof of a vulnerability.

The Need to Detect all Technical Vulnerabilities on All Type of Frameworks
---------------------------------------------------------------------------
Accuracy and adaptability are as important as speed and automation when your clientele consists of major banks and financial institutions. Having such a varied clientele, DirectDefence has seen it all. As Mr Broome says: "You name it, we have scanned it." It could be a .NET, PHP, Spring, Struts or Java web application running on Apache, NGinx or IIS. DirectDefence has seen it and scanned it with Netsparker. "Netsparker consistently finds and validates SQL injection vulnerabilities faster than any scanner we have ever used. Be it a banking application or a cloud based CRM application, we recommend continual testing, and Netsparker is such a tool to assist with meeting these requirements," stated DirectDefence's president.

World Class Support is Another Important Requirement
----------------------------------------------------
It is a must to use the right security tools when scanning web applications if you do not want to miss a vulnerability. A malicious attacker only needs to exploit a single vulnerability to gain unauthorized access to the web application and the sensitive data it stores. Web application security is a critical business and one should not forge ahead alone. Hence world class support is also another vital requirement security experts such as DirectDefence have when choosing their tools. The Netsparker support department is known for its world class support, and Mr Broome confirms this: "Yes, if you have a complex issue or even one that is simple to resolve, the Netsparker support staff is there. Don't be surprised if you get emailed from Ferruh the CEO with recommendations and suggestions." He couldn't have said it better. We thrive to deliver world class support, and if need be even our CEO, who
is a seasoned penetration tester himself, gets involved in support tickets.

About DirectDefence
-------------------
Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients. Regardless of industry (financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities), our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

About Netsparker
----------------
Netsparker Ltd is a young and enthusiastic UK based company focused on developing automated web security products, mainly the false positive web application security scanners Netsparker Desktop and Netsparker Cloud. Netsparker management and engineers have more than two decades of experience in the web application security industry that is reflected in their products. Founded in 2009, Netsparker's automated web vulnerability scanners are the leading security tools and are used by world renowned companies such as Samsung, NASA, Microsoft, ING bank and Ernst & Young.

http://www.secuobs.com/revue/news/560270.shtml

ISEO and Implications for Proactive Cybersecurity
2015-02-19 18:34:24 - Security Bloggers Network : On Friday at the White House Summit on Cybersecurity and Consumer Protection, President Barack Obama signed an Information Sharing Executive Order to promote cybersecurity information sharing in the ... The post ISEO and Implications for Proactive Cybersecurity appeared first on Alert Logic.
http://www.secuobs.com/revue/news/560268.shtml

Stick or Carrot Obama Calls for Public Private Sector Cyber-Security Collaboration
2015-02-19 18:34:24 - Security Bloggers Network : Last Friday, President Obama continued his efforts of advancing cyber-security as a national priority. In a speech at Stanford University in the heart of Silicon Valley, the President emphasized the importance of collaboration between the public and private sectors to an audience of students, consumer-oriented companies, and representatives of the technology sector. The focus is
http://www.secuobs.com/revue/news/560265.shtml

Google's cloud will now scan web apps for common security flaws
2015-02-19 18:34:24 - Security Bloggers Network : Google's new Cloud Security Scanner allows users to easily scan applications for two common vulnerabilities: cross-site scripting, and mixed content.
http://www.secuobs.com/revue/news/560262.shtml

Errata Security Extracting the SuperFish certificate
2015-02-19 17:11:19 - Reverse Engineering : submitted by galapag0
http://www.secuobs.com/revue/news/560254.shtml

AWS Security Fundamentals Dos and Don'ts, with Professor Wool
2015-02-19 15:00:40 - Security Bloggers Network : Enterprise-sanctioned application deployments on Infrastructure as a Service (IaaS) cloud platforms are fast becoming a reality. But while IaaS's flexibility and cost-savings benefits are important, its success as a business solution hinges on its security. The post AWS Security Fundamentals Dos and Don'ts, with Professor Wool appeared first on Security Management at the Speed of Business - AlgoSec Blog.
http://www.secuobs.com/revue/news/560224.shtml

The security pitfalls that could be waiting for you in 2015
2015-02-19 13:52:39 - Security Bloggers Network : In the absence of a reliable crystal ball, we've taken our best guess at what trends may crop up in the security world in 2015 and assembled our top six things to keep a lookout for. More attackers playing the long game: It's possible we'll see hackers happy to gain access to a targeted
http://www.secuobs.com/revue/news/560217.shtml

Got one of these Netgear wireless routers? You've got a security problem
2015-02-19 10:56:09 - Security Bloggers Network : A warning has been issued about what appears to be a serious security issue affecting several Netgear WiFi routers, and could result in hackers stealing sensitive information, including admin passwords and wireless keys. Read more in my article on the
http://www.secuobs.com/revue/news/560194.shtml

Endpoint security becoming critical focus area
2015-02-19 08:38:47 - Help Net Security : Detecting and responding to modern threats on endpoints has become a key business priority according to a survey by the Enterprise Strategy Group. They polled 340 IT and information security professi
http://www.secuobs.com/revue/news/560183.shtml

Shmoocon 2015 - The Joy of Intelligent Proactive Security
2015-02-19 07:11:31 - SecurityTube.Net : Scott Behrens and Andy Hoernecke. Netflix is amongst the largest users of the public cloud, consuming roughly 30% of all the US's downstream bandwidth at peak. Multiple concurrent code bases, continuous deployments, regional content, and an ever-changing threat landscape make vulnerability and asset management difficult. In order to battle this dynamic environment, we have taken an approach of automating, simplifying, and collecting actionable data with proactive security. This presentation will assert that the agility of modern infrastructure requires a different approach to security. We look at common areas of a mature security program: identifying and addressing potential issues, monitoring for attacks and anomalies, understanding your environment, collecting and sharing information, all while constantly reevaluating your approach. We will also walk through a few real world cases where intelligent proactive security has simplified Netflix's response time for identifying, responding to, and remediating security issues. We will also provide demonstrations of a number of Netflix applications that are currently or soon-to-be open sourced that can help you simplify your security program regardless of whether you operate in the cloud or data center. Attendees will leave this talk with real world strategies, techniques, and Netflix open source tools they can use in their own organizations. Scott Behrens and Andy Hoernecke are both security evangelists at Netflix focusing on application security engineering as part of the Product and Application Security team. Scott loves security research and has previously spoken at DEF CON, Derbycon, Shakacon, Chicago Bsides, and a handful of other security conferences. Prior to Netflix, Andy built the application security program for a Fortune 100 retailer, and taught web application security to grad students at DePaul University. For More Information Please Visit - www.shmoocon.org
http://www.secuobs.com/revue/news/560174.shtml

Security In The Year 2020
2015-02-19 06:40:39 - Security Bloggers Network : We now appreciate the revelation that went public in February 2015 that international hackers circumvented what was supposed to be robust systems and defences, and managed to get away with an estimated 1 billion from a spectrum of around 100 banks located in 30 countries in what has been described as systemic cybercrime. With ... The post Security In The Year 2020 appeared first on The State of Security.
http://www.secuobs.com/revue/news/560159.shtml

Security Slice Big Backdoor Problems
2015-02-19 06:40:39 - Security Bloggers Network : Apple joined backdoor bootkit club last month with Thunderstrike. This malware can spread through Apple's Thunderbolt interface and create a permanent backdoor to the device. The infection can even withstand hard drive reformats and OS reinstallations. Apple is expected to patch the bootkit in OS X 10.10.2, but what steps can hardware vendors take to ... The post Security Slice Big Backdoor Problems appeared first on The State of Security.
http://www.secuobs.com/revue/news/560158.shtml

Our Opinion Companies must improve cyber security
2015-02-19 02:26:54 - Computer Security News : The revelation this week that a hacker gang stole as much as 1 billion from banks around the world is setting off alarms among security experts who warn that financial institutions aren't doing enough to protect themselves and their customers, and in fact are putting the entire financial system at risk. A report released Monday by Russian security firm Kaspersky Lab indicates that the series of thefts constitutes the largest
known bank heist in modern history, affecting more than 100 banks in 30 countries, according to International Business Times.
http://www.secuobs.com/revue/news/560151.shtml

Hiring National Security Cyber Security Researcher
2015-02-19 02:24:57 - Reverse Engineering : submitted by BlackmereCyber
http://www.secuobs.com/revue/news/560150.shtml

7444 Security Labels in Internet Email
2015-02-19 00:33:27 - New RFCs : 31KB. This document describes a header field, SIO-Label, for use in Internet email to convey the sensitivity of the message. This header field may carry a textual representation (a display marking) and/or a structural representation (a security label) of the sensitivity of the message. This document also describes a header field, SIO-Label-History, for recording changes in the message's label.
http://www.secuobs.com/revue/news/560134.shtml

7454 BGP Operations and Security
2015-02-19 00:33:27 - New RFCs : 56KB. The Border Gateway Protocol (BGP) is the protocol almost exclusively used in the Internet to exchange routing information between network domains. Due to this central nature, it is important to understand the security measures that can and should be deployed to prevent accidental or intentional routing disturbances.
http://www.secuobs.com/revue/news/560132.shtml

Five Questions The Financial Industry Should Be Asking About Security
2015-02-19 00:23:02 - Security Bloggers Network : As the mobile market continues to skyrocket and gain new users, financial industries are finding it increasingly more difficult to protect their customers against online fraud. Add in the seemingly never-ending wave of ... The post Five Questions The Financial Industry Should Be Asking About Security appeared first on Webroot Threat Blog.
http://www.secuobs.com/revue/news/560130.shtml

Do Cyber Security Breaches Determine Your Fate?
2015-02-18 23:14:01 - Security Bloggers Network : Over the past year we have seen corporate cyber security breaches decimating business value, killing companies and ending careers. Even at the highest levels within the largest corporations, no one is exempt from the damage a cyber security breach caus
http://www.secuobs.com/revue/news/560124.shtml

BadUSB Poses Threat to Industrial Control Systems, Says Security Researcher
2015-02-18 20:45:23 - Security Bloggers Network : Last summer, security researchers Karsten Nohl and Jakob Lell developed a malware program, dubbed BadUSB, to prove the insecure development of USB devices. The pair of security researchers revealed how they managed to reprogram the firmware on removable USB drives to include malicious code, giving potential attackers the ability to take over PCs, redirect ... The post BadUSB Poses Threat to Industrial Control Systems, Says Security Researcher appeared first on The State of Security.
http://www.secuobs.com/revue/news/560108.shtml

Risky Clicks End users cause the majority of security headaches
2015-02-18 18:58:55 - Security Bloggers Network : In January 2015, Bromium conducted a survey of more than 100 information security professionals, focused on the greatest challenges and risks facing their organizations today. The results indicate that end users continue to remain the greatest security risk, thanks to their tendency to click on suspicious and malicious e-mail and URLs. Bromium published similar research in June 2014, which determined
http://www.secuobs.com/revue/news/560089.shtml

Check Point buys Israeli cyber security firm Hyperwise
2015-02-18 18:08:09 - Computer Security News : Internet and network security provider
Check Point Software Technologies has bought Israeli start-up Hyperwise, saying it will help it compete in the fast growing cyber security market. Check Point said on Wednesday it paid tens of millions of dollars for Hyperwise, a company with roots in Israel's military intelligence and electronic espionage Unit 8200.
http://www.secuobs.com/revue/news/560078.shtml

3 Factors for a Successful Cloud Security Partnership
2015-02-18 17:12:19 - Security Bloggers Network : At Perspecsys, we partner with our customers to implement industry-leading cloud security solutions so that they are able to confidently adopt and capitalize on popular and often business-improving cloud applications. The Perspecsys team of cloud security experts enables secure cloud adoption by implementing best practices throughout the deployment lifecycle. I shared in a previous blog ... The post 3 Factors for a Successful Cloud Security Partnership appeared first on Perspecsys.
http://www.secuobs.com/revue/news/560074.shtml

Florian Malecki, Dell Network Security: The "Triple A" approach applied to enterprise IT security
2015-02-18 16:53:41 - Global Security Mag Online : Triple A ratings belong most often to the world of finance, where chief financial officers always keep an eye on the credit ratings published by rating agencies such as Moody's. In the IT world, how can a CIO or an IT decision-maker assess the effectiveness of the IT security policies that have been put in place? IT security is one of the major concerns of IT decision-makers in light of the recent attacks targeting companies. - Points of View
http://www.secuobs.com/revue/news/560071.shtml

First update for Outlook apps improves security but lots remains to be done
2015-02-18 15:27:10 - Security Bloggers Network : Microsoft announced the first update to the Outlook for iOS and Android apps on February 17 since the launch of the rebranded software acquired from Acompli last month. Tony Redmond's Exchange Unwashed
http://www.secuobs.com/revue/news/560061.shtml

Secure Crypto Leaving Insecurity Behind
2015-02-18 15:27:10 - Security Bloggers Network : There are a number of TLS protocol vulnerabilities that have been discovered in recent years. Of those there are three that can and should be prevented by design: Renegotiation Attack, Triple Handshake Attack and CRIME. The Renegotiation and Triple Handshake Attacks both rely on failures in the design of the renegotiation feature. The original Renegotiation ... The post Secure Crypto Leaving Insecurity Behind appeared first on Speaking of Security - The RSA Blog and Podcast.
http://www.secuobs.com/revue/news/560055.shtml

Diane Rambaldini, President of ISSA France Security Tuesday: Digital transformation and security, obstacle or opportunity?
2015-02-18 13:53:57 - Global Security Mag Online : On the occasion of the Documation-MIS trade show on 18 and 19 March, at the CNIT in Paris, Diane Rambaldini, President of ISSA France Security Tuesday, returns to the challenges of security. The risks of mass cybercrime, targeted attacks and breaches of personal data protection are closely tied to the Internet. Society's new uses, starting with digital mobility and digital hyper-presence through connected objects, significantly increase these risks, as much, for that matter ... - Risk Management
http://www.secuobs.com/revue/news/560028.shtml

A Cyber Study of the US National Security Strategy Reports
2015-02-18 05:51:08 - Security Bloggers Network : In early February, the White House released its 2015 National Security Strategy (NSS). Each NSS report is symbolic to the extent that it reveals the
security issues the acting US president intends to focus on for the coming months and years. While not constituting hard, actionable strategies, these documents help to articulate the future security ... The post A Cyber Study of the US National Security Strategy Reports appeared first on The State of Security.
http://www.secuobs.com/revue/news/559972.shtml

Security Audit of Safeplug Tor in a Box
2015-02-18 05:16:42 - SecurityTube.Net : Authors: Anne Edmundson, Anna Kornfeld Simpson, Joshua A. Kroll, and Edward W. Felten, Princeton University. Open Access Content: Papers are restricted to registered attendees until the event begins. Once the event begins, the content becomes free and open to everyone. Journal articles are open to everyone upon publication. If available, video, audio, and/or slides of this presentation will be posted here after the event.

Abstract: We present the first public third-party security audit of Pogoplug's Safeplug device, which markets complete security and anonymity online by using Tor technology to protect users' IP addresses. We examine the hardware, software, and network behavior of the Safeplug device, as well as the user experience in comparison to other forms of web browsing. Although the Safeplug appears to use Tor as advertised, users may still be identified in ways they may not expect. Furthermore, an engineering vulnerability in how the Safeplug accepts settings changes would allow an adversary internal or external to a user's home network to silently disable Tor or modify other Safeplug settings, which completely invalidates the security claims of the device. Beyond this problem, the user experience challenges of this type of device make it inferior to the existing gold standard for anonymous browsing: the Tor Browser Bundle.

PDF - https://www.usenix.org/system/files/conference/foci14/foci14-edmundson.pdf
For More Information Please Visit - https://www.usenix.org/conference/foci14
http://www.secuobs.com/revue/news/559968.shtml

Ekoparty 2014 - Security Vulnerabilities In DVB-C Network Hacking Cable
2015-02-18 05:16:42 - SecurityTube.Net : Security vulnerabilities in DVB-C networks: Hacking Cable TV network part 2. DVB-C stands for Digital Video Broadcasting - Cable and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using a QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became the most widely used transmission system for digital cable television in Europe (source: http://en.wikipedia.org/wiki/DVB-C). We have been working with a cable TV service provider for the past 1 year. With digital cable TV implementations, the transmitted MPEG streams are encrypted/scrambled and users need a setup box to de-scramble/decode the streams. Also service providers can shut down a device remotely if no payment or even display a custom text message that will scroll on top of a video. This is made possible by middleware servers or application servers that are used to manage the DVM networks. So in our talks we cover the various attacks we can do on DVB-C infrastructure. That will include the following topics:

1. Security Vulnerabilities in DVB-C middleware servers: Hijacking a TV stream
2. Implementation bugs in DVB-C network protocol: Man in the Middle Attacks
3. Fuzzing setup boxes via MPEG streams: Shutting down Setup boxes
4. Demo: taking over your Cable TV Broadcasting

About Rahul Sasi: Rahul Sasi (fb1h2s) is working as a Security Engineer for Citrix Systems. He has authored multiple security tools, advisories and articles. He has been invited to speak at various security conferences like HITB KL, BlackHat US Arsenal, Cocon 2011-2014, Nullcon 2011-2014, HITB AMS 2012,2013,2014, BlackHat EU 2012, EKoparty Argentina, CanSecwest Canada
2013 , HITCON taiwan His work could be found at Garage4Hackers For More Information Please Visit - http wwwekopartyorg http://www.secuobs.com/revue/news/559966.shtmlhttp://www.secuobs.com/revue/news/559966.shtml5 ways cyber threat intelligence can improve your security2015-02-18 04:44:26 - Security Bloggers Network : My latest piece in The Business Journals entitled 5 ways cyber threat intelligence can improve your security is out Threat intelligence is a hot topic these days, but how can organizations wade through the hype and into the intelligence sea http://www.secuobs.com/revue/news/559958.shtmlhttp://www.secuobs.com/revue/news/559958.shtmlCAVIRTEX shutting down following security issues2015-02-18 02:25:37 - Office of Inadequate Security : Katherine Fletcher reports Canadian Bitcoin exchange CAVIRTEX announced Tuesday that it is ceasing operations next month http://www.secuobs.com/revue/news/559955.shtmlhttp://www.secuobs.com/revue/news/559955.shtmlTerrorist encryption tools nothing more than security cape and gov t red flag2015-02-17 22:36:16 - Security Bloggers Network : Terrorist groups such as ISIS and Al Qaeda have something in common -- they are using encryption tools which are not worthy of the name http://www.secuobs.com/revue/news/559942.shtmlhttp://www.secuobs.com/revue/news/559942.shtmlCompTIA Security Live Training Central London2015-02-17 19:36:39 - Security Bloggers Network : Concise Courses Concise AC Limited is pleased to announce that as from March 2015 we will be running Live Training for Security in Central London We ve been operating a self-study Security course for a few years now having trained and helped over 600 cyber security professionals achieve their CompTIA Securityplus designation, so we are now The post CompTIA Security Live Training Central London appeared first on Information Security http://www.secuobs.com/revue/news/559928.shtmlhttp://www.secuobs.com/revue/news/559928.shtmlUpcoming Webinar Turn Your Network from a Security 
Vulnerability into a Weapon Against Cyber-attacks2015-02-17 19:36:39 - Security Bloggers Network : Upcoming Webinar Turn Your Network from a Security Vulnerability into a Weapon Against Cyber-attacks ---------------------------------------------------------------------- IMAGE Andrew Akers Feb 17, 2015 Turn your network from a security vulnerability into a weapon against cyber-attacks It wasn t too long ago that an effective cybersecurity system just required installing antivirus software on all computers and creating a VPN to Read more Network Visibility, Threat Detection, Cisco, webinar IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/559927.shtmlhttp://www.secuobs.com/revue/news/559927.shtmlJust How Much Sharing of Security Risks Does It Take to Get Locked Up 2015-02-17 19:01:17 - Security Bloggers Network : Let s not get too carried away with thinking you post a link and go directly to jail read more http://www.secuobs.com/revue/news/559922.shtmlhttp://www.secuobs.com/revue/news/559922.shtml